The search that is run behind the scenes in S.O.S. is essentially:
index=_internal host="*" source=*metrics.log group="per_index_thruput" | bin _time | stats sum(kb) AS KB by series,_time | timechart minspan=30s sum(eval(round(KB/1024/1024,2))) by series
Does that give you what you need? - assuming the time span is selected for what you're looking for (aka yesterday, last week, etc.)
Hi yes, when I click on "open in search" that's the query, but where in that query are they speciifying only to return top 10? How do I modify that query to include all of indexes, or if I wanted to filter for a particuliar index? Thanks in advance.