I have a question about a query within the Palo Alto App. As shipped the app displays total traffic grouped by egress and ingress interfaces. I just want to see the total egress traffic and the total ingress traffic.
How would I modify the query below (from Palo Alto App) in order to show just total traffic out of the PAN?
"search">|tstats sum(bytes) As sb FROM pan_traffic where log_subtype=end $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby egress_interface | eval sumBytes = sb/(1024*1024) | stats values(sumBytes) AS MegaBytes engress_interface