Elastic Cloud with APM via .NET Classic Agent.
Go to the SIEM Source IPs and see that Bytes In / Bytes Out are empty.
The APM transaction contains request and response length, so I think these fields should be filled.
Hey there Mikhail,
So the Source IP & Destination IP tables are going to query for source.bytes and destination.bytes to populate the Bytes in/out columns (you can verify this using the inspect feature in the top right of the table). I just checked with the APM folks and it doesn't appear that the APM Agent will populate those fields, so that's why you're seeing 0B in those columns.
I believe the behavior here should be that Bytes in/out should show -- to indicate that there is no data, as opposed to displaying 0B. I've opened this issue to address this.
Thanks for pointing this out Mikhail! 