Elastic Cloud with APM via .NET Classic Agent.
Goes to the SIEM Source IPs, and see that Bytes In / Bytes Out are Empty
AMP transaction contains request and response length. So I think these fields should be filled.
Hey there Mikhail,
So the Source IP & Destination IP tables are going to query for source.bytes and destination.bytes to populate the Bytes in/out columns (you can verify this using the inspect feature in the top right of the table). I just checked with the APM folks and it doesn't appear that the APM Agent will populate those fields, so that's why you're seeing 0B in those columns.
I believe the behavior here should be that Bytes in/out should show -- to indicate that there is no data, as opposed to displaying 0B. I've open this issue to address this.
Thanks for pointing this out Mikhail! 