My customer needs ITDA to send the notification when it's collecting data more than 200GB per day.
I can find that by the following search:
_index=metrics (events > 0) && (engine = "COLLECTION_STATION" || engine = "COLLECTION_DROID" || engine = "COLLECTION_KM") | stats sum(bytes-indexed) as bytes
Unfortunately, ITDA doesn't support tabular commands in notification.
So please add this feature to ITDA.