Difference between revisions of "Forensic Data Using the API Request Fields"
From Observer GigaFlow Support | VIAVI Solutions Inc.
Revision history: page created by Kevin Wilkie (Talk | contribs); 13 intermediate revisions by one user not shown.
Latest revision as of 11:44, 14 January 2020
The URL format can be found at Forensic_Data_Using_the_API.

When querying forensics data you can pass the following parameters:
| Field Name | Field Type | Field Description | Examples |
|---|---|---|---|
| graphRows | Integer | How many rows should be grouped and returned in the graph data | "graphRows":20 |
| type | String | Output type, either Graph or Table | "type":"Graph" |
| reportName | String | Name of the forensics report to run; can be any name from the list under GigaFlow->Configuration->Reporting->Forensics Reports->Reports | "reportName":"Application Flows" |
| length | Integer | Number of table rows to return; should be used with the start parameter | "length":20,"start":0 |
| start | Integer | Row offset to start from when returning a table; should be used with the length parameter | "length":20,"start":0 |
| device | Array of Strings | Selects which infrastructure devices' data to include in this report; always recommended | "device":["172.21.40.199","172.21.40.254","172.21.21.254"] |
| starttime | Long or String | Start of the period for which data should be included: either UTC time in milliseconds or a relative time | "starttime":1578992400000 or "starttime":"2 hours" or "starttime":"2 days" |
| endtime | Long or String | End of the period for which data should be included: either UTC time in milliseconds or a relative time | "endtime":1578992400000 or "endtime":"2 hours" or "endtime":"20 minutes" |
| appid | Array of Strings | The GigaFlow appid assigned to traffic | "appid":["1114273","1116267","393659"] |
| add | Array of Strings | IP addresses, as either source or destination, to filter data for | "add":["172.21.21.1","172.21.21.14"] |
| srcadd | Array of Strings | IP addresses as source to filter data for | "srcadd":["172.21.21.1","172.21.21.14"] |
| dstadd | Array of Strings | IP addresses as destination to filter data for | "dstadd":["172.21.21.1","172.21.21.14"] |
| port | Array of Strings | Port number, as either source or destination, to filter data for | "port":["80","443"] |
| srcport | Array of Strings | Port number as source to filter data for | "srcport":["80","443"] |
| dstport | Array of Strings | Port number as destination to filter data for | "dstport":["80","443"] |
| proto | Array of Strings | IP protocol number to filter data for, as per https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml | "proto":["6","1"] |
| directfilter | String | SQL filter (see Forensic_Data_Using_The_Direct_Filter) applied directly to the report query; gives more direct control, for example srcport!=161 to exclude data | "directfilter":"srcport!=161" |
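As an added example (not GigaFlow code), the following Python builds a request body from the fields in the table above and validates each value before it is sent: IP lists must parse, port and protocol numbers must be in range, start/end times must be UTC milliseconds or one of the relative forms shown, and directfilter, which the table says is passed straight into the report's SQL query, is restricted to the simple field-operator-number form shown (srcport!=161). That restriction and all other validation rules are this example's assumptions, not documented API behaviour; the sample request at the bottom is constructed.

```python
import ipaddress
import json
import re

# Relative time forms shown in the table: "<n> minutes|hours|days".
RELATIVE_TIME = re.compile(r"^\d+ (minutes|hours|days)$")
# directfilter goes straight into the report's SQL query, so this builder only
# accepts the simple "<field><op><number>" form the page shows (srcport!=161).
# That allowed grammar is this example's assumption, not a documented API rule.
DIRECT_FILTER = re.compile(r"^[a-z]+(=|!=|<|>|<=|>=)\d+$")
IP_LIST = {"device", "add", "srcadd", "dstadd"}
INT_LIST = {"appid", "port", "srcport", "dstport", "proto"}

def _check_time(name, value):
    # Accept UTC milliseconds (positive int) or a relative-time string.
    if (isinstance(value, int) and value > 0) or (
            isinstance(value, str) and RELATIVE_TIME.match(value)):
        return value
    raise ValueError(f"{name}: expected UTC ms or relative time, got {value!r}")

def build_forensics_query(**params):
    """Return a validated request body (dict) for the forensics API."""
    body = {}
    for name, value in params.items():
        if name in ("starttime", "endtime"):
            body[name] = _check_time(name, value)
        elif name in IP_LIST:
            # Every entry must parse as an IP address; kept as strings as in the table.
            body[name] = [str(ipaddress.ip_address(v)) for v in value]
        elif name in INT_LIST:
            nums = [int(v) for v in value]
            hi = 65535 if "port" in name else 255 if name == "proto" else None
            if hi is not None and any(not 0 <= n <= hi for n in nums):
                raise ValueError(f"{name}: value out of range")
            body[name] = [str(n) for n in nums]  # table shows numeric strings
        elif name in ("graphRows", "length", "start"):
            body[name] = int(value)
        elif name == "reportName" or (name == "type" and value in ("Graph", "Table")):
            body[name] = str(value)
        elif name == "directfilter" and DIRECT_FILTER.match(value):
            body[name] = value
        else:
            raise ValueError(f"rejected parameter or value: {name}={value!r}")
    return body

if __name__ == "__main__":
    # Constructed sample: last two hours of Application Flows to web ports, SNMP source excluded.
    print(json.dumps(build_forensics_query(
        type="Table", reportName="Application Flows", device=["172.21.40.199"],
        starttime="2 hours", endtime="20 minutes", dstport=["80", "443"],
        proto=["6"], length=20, start=0, directfilter="srcport!=161")))
```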