Difference between revisions of "Forensic Data Using the API Request Fields"

From Observer GigaFlow Support | VIAVI Solutions Inc.
Line 67: Line 67:
 
| Array of Strings
 
| Array of Strings
 
| IP Addresses source to filter data for
 
| IP Addresses source to filter data for
| "add":["172.21.21.1","172.21.21.14"]
+
| "srcadd":["172.21.21.1","172.21.21.14"]
 
|-
 
|-
 
| dstadd
 
| dstadd
 
| Array of Strings
 
| Array of Strings
 
| IP Addresses as destination to filter data for
 
| IP Addresses as destination to filter data for
| "add":["172.21.21.1","172.21.21.14"]
+
| "dstadd":["172.21.21.1","172.21.21.14"]
 
|-
 
|-
 
| port
 
| port
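Review bot: in the row whose example becomes "srcadd", the description still reads "IP Addresses source to filter data for", missing the "as" that the dstadd row has ("IP Addresses as destination to filter data for"). While the example cells are being corrected, change it to "IP Addresses as source to filter data for" so the two rows read the same way. The key changes themselves ("add" to "srcadd" and "dstadd") now match the field each row documents.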
Line 89: Line 89:
 
| "dstport":["80","443"]
 
| "dstport":["80","443"]
 
|-
 
|-
|  
+
| proto
|  
+
| Array of Strings
|  
+
| IP Protocol number to filter data for as per https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
 
|  
 
|  
 
|-
 
|-
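Review bot: the new proto row fills the name, type and description cells but leaves the example cell empty, unlike the dstport row directly above it. Add an example in the same array-of-strings form, for instance "proto":["6","17"] (TCP and UDP in the IANA list the description links to), so readers can see that protocol numbers are passed as quoted strings like the port values.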

Revision as of 10:31, 14 January 2020

The URL format can be found at Forensic_Data_Using_the_API.

When querying forensics data, you can pass the following parameters:

{|
! Field Name
! Field Type
! Field Description
! Examples
|-
| graphRows
| Integer
| Specify how many rows should be grouped by and returned in the graph data
| "graphRows":20
|-
| type
| String
| Output type, can be Graph or Table
| "type":"Graph"
|-
| reportName
| String
| Name of any available forensics report
| "reportName":"Application Flows"
|-
| length
| Integer
| Number of table rows to return, should be used with the start parameter
| "length":20,"start":0
|-
| start
| Integer
| Which row count to start from when returning a table, should be used with the length parameter
| "length":20,"start":0
|-
| device
| Array of Strings
| Selects which infrastructure devices' data to include in this report, always recommended.
| "device":["172.21.40.199","172.21.40.254","172.21.21.254"]
|-
| starttime
| Long or String
| The start time of the period for which data should be included. Either UTC in milliseconds or relative time
| "starttime":1578992400000 or "starttime":"2 hours" or "starttime":"2 days"
|-
| endtime
| Long or String
| The end time of the period for which data should be included. Either UTC in milliseconds or relative time
| "endtime":1578992400000 or "endtime":"2 hours" or "endtime":"20 minutes"
|-
| reportName
| String
| The name of the forensics report to run. Can be any name from the list in the GigaFlow->Configuration->Reporting->Forensics Reports->Reports list.
| "reportName":"Application Flows"
|-
| appid
| Array of Strings
| The GigaFlow appid assigned to traffic
| "appid":["1114273","1116267","393659"]
|-
| add
| Array of Strings
| IP Addresses in either source or destination to filter data for
| "add":["172.21.21.1","172.21.21.14"]
|-
| srcadd
| Array of Strings
| IP Addresses source to filter data for
| "srcadd":["172.21.21.1","172.21.21.14"]
|-
| dstadd
| Array of Strings
| IP Addresses as destination to filter data for
| "dstadd":["172.21.21.1","172.21.21.14"]
|-
| port
| Array of Strings
| IP Port number in either source or destination to filter data for
| "port":["80","443"]
|-
| srcport
| Array of Strings
| IP Port number as source to filter data for
| "srcport":["80","443"]
|-
| dstport
| Array of Strings
| IP Port number as destination to filter data for
| "dstport":["80","443"]
|-
| proto
| Array of Strings
| IP Protocol number to filter data for as per https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
|
|}
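
As an added example (not part of the GigaFlow documentation or VIAVI's code), the following Python helper checks a set of parameters against the field types in the table before serializing them. It assumes the parameters are combined into one JSON object, as the example fragments suggest, and that relative times use only the units shown on this page; build_forensics_params is a hypothetical name.

```python
import json
import re

# Field types as listed in the table above.
ARRAY_FIELDS = {"device", "appid", "add", "srcadd", "dstadd",
                "port", "srcport", "dstport", "proto"}
INT_FIELDS = {"graphRows", "length", "start"}
TIME_FIELDS = {"starttime", "endtime"}
STRING_FIELDS = {"type", "reportName"}
# Relative times on the page look like "2 hours", "20 minutes", "2 days".
# Assumption: a count followed by one of these units and nothing else.
RELATIVE_TIME = re.compile(r"^\d+ (minute|hour|day)s?$")


def build_forensics_params(**fields):
    """Validate fields against the documented types and return a JSON string."""
    errors = []
    for name, value in fields.items():
        if name in ARRAY_FIELDS:
            # Documented as Array of Strings: ["80","443"], not [80, 443].
            if not (isinstance(value, list)
                    and all(isinstance(v, str) for v in value)):
                errors.append(f"{name}: expected array of strings")
        elif name in INT_FIELDS:
            if isinstance(value, bool) or not isinstance(value, int) or value < 0:
                errors.append(f"{name}: expected non-negative integer")
        elif name in TIME_FIELDS:
            is_ms = isinstance(value, int) and not isinstance(value, bool)
            is_rel = isinstance(value, str) and RELATIVE_TIME.match(value)
            if not (is_ms or is_rel):
                errors.append(f"{name}: expected UTC milliseconds or relative time")
        elif name in STRING_FIELDS:
            if not isinstance(value, str):
                errors.append(f"{name}: expected string")
            elif name == "type" and value not in ("Graph", "Table"):
                errors.append("type: expected Graph or Table")
        else:
            errors.append(f"{name}: not a documented field")
    # The table says length and start should be used with each other.
    if ("length" in fields) != ("start" in fields):
        errors.append("length and start should be passed together")
    if errors:
        raise ValueError("; ".join(errors))
    return json.dumps(fields, separators=(",", ":"))
```

How the resulting object is sent is covered by the URL format page referenced above.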