This one is something that can come in handy..
Want to know when your children are using the Internet?
This graph is by hour and you can make separate dashboard widgets for each kid, like I have done.
and let the parental stalking begin!
_sourceCategory=fw_security "action=\"close\""
AND (
"srcmac=\"00:56:00:00:5a:35\"" /* iphone */ OR
"srcmac=\"9c:f3:00:00:06:0e\"" /* mac */ OR
"srcmac=\"20:ee:00:00:5d:2f\"" /* ipad */
)
| keyvalue regex "=(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}) " keys "srcip","dstip"
| keyvalue regex "=(\d+) " keys "sentbyte", "rcvdbyte"
| keyvalue regex "=\"(\w+)\" " keys "srcintf", "dstintf", "action", "dstintfrole"
| where dstintfrole="wan"
| timeslice 1h
| sum(rcvdbyte) as recvbytes, sum(sentbyte) as sentbytes by _timeslice
| (recvbytes/1000000) as recieved_mib
| (sentbytes/1000000) as sent_mib
| fields - recvbytes, sentbytes