Difference between revisions of "Forensic Data Using the API Request Fields"

From Observer GigaFlow Support | VIAVI Solutions Inc.
Line 92: Line 92:
 
| Array of Strings
 
| Array of Strings
 
| IP Protocol number to filter data for as per https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
 
| IP Protocol number to filter data for as per https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
|  
+
| "proto":["6","1"]
 
|-
 
|-
|  
+
| directfilter
|  
+
| String
|  
+
| SQL filter that can be applied directly to the report query, gives more direct power to support features such as srcport!=161 to exclude data
|  
+
| "directfilter":"srcport!=161"
 
|-
 
|-
 
|  
 
|  
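Review bot: the added directfilter row describes the value as an "SQL filter that can be applied directly to the report query" but does not say which columns and operators are accepted or how the string is validated before it reaches the query. The description should state the accepted syntax and whether anything other than a simple comparison is rejected. The only example, "directfilter":"srcport!=161", shows a single comparison, so a reader cannot tell whether combined conditions are supported.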

Revision as of 10:36, 14 January 2020

The URL format can be found at Forensic_Data_Using_the_API.

When querying forensics data, you can pass the following parameters:

| Field Name | Field Type | Field Description | Example |
|---|---|---|---|
| graphRows | Integer | Specify how many rows should be grouped by and returned in the graph data | "graphRows":20 |
| type | String | Output type, can be Graph or Table | "type":"Graph" |
| reportName | String | Name of any available forensics report | "reportName":"Application Flows" |
| length | Integer | Number of table rows to return, should be used with the start parameter | "length":20,"start":0 |
| start | Integer | Which row count to start from when returning a table, should be used with the length parameter | "length":20,"start":0 |
| device | Array of Strings | Selects which infrastructure devices' data to include in this report, always recommended. | "device":["172.21.40.199","172.21.40.254","172.21.21.254"] |
| starttime | Long or String | The start time of the period for which data should be included. Either UTC in milliseconds or relative time | "starttime":1578992400000 or "starttime":"2 hours" or "starttime":"2 days" |
| endtime | Long or String | The end time of the period for which data should be included. Either UTC in milliseconds or relative time | "endtime":1578992400000 or "endtime":"2 hours" or "endtime":"20 minutes" |
| reportName | String | The name of the forensics report to run. Can be any name from the list in the GigaFlow->Configuration->Reporting->Forensics Reports->Reports list. | "reportName":"Application Flows" |
| appid | Array of Strings | The GigaFlow appid assigned to traffic | "appid":["1114273","1116267","393659"] |
| add | Array of Strings | IP addresses in either source or destination to filter data for | "add":["172.21.21.1","172.21.21.14"] |
| srcadd | Array of Strings | IP addresses as source to filter data for | "srcadd":["172.21.21.1","172.21.21.14"] |
| dstadd | Array of Strings | IP addresses as destination to filter data for | "dstadd":["172.21.21.1","172.21.21.14"] |
| port | Array of Strings | IP port number in either source or destination to filter data for | "port":["80","443"] |
| srcport | Array of Strings | IP port number as source to filter data for | "srcport":["80","443"] |
| dstport | Array of Strings | IP port number as destination to filter data for | "dstport":["80","443"] |
| proto | Array of Strings | IP protocol number to filter data for as per https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml | "proto":["6","1"] |
| directfilter | String | SQL filter that can be applied directly to the report query, gives more direct power to support features such as srcport!=161 to exclude data | "directfilter":"srcport!=161" |
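An added example, not from the GigaFlow documentation: a Python client-side helper that builds a Table request from the fields above and accepts a directfilter only when it is a single column/operator/integer comparison, because that string is applied directly to the report query. It assumes the fields are sent as one JSON object and that directfilter columns are named like the srcport, dstport and proto fields; the function names and the allowlist are hypothetical.

```python
import ipaddress
import json
import re

# Assumption: directfilter column names match the numeric request fields on this page.
_FILTER_COLUMNS = {"srcport", "dstport", "proto"}
# Exactly one comparison: <column> <operator> <integer>, e.g. srcport!=161
_FILTER_RE = re.compile(r"\s*([a-z]+)\s*(!=|<=|>=|=|<|>)\s*(\d{1,5})\s*")


def safe_directfilter(expr):
    """Return a normalised directfilter, or raise ValueError if it is not a plain comparison."""
    m = _FILTER_RE.fullmatch(expr)
    if not m or m.group(1) not in _FILTER_COLUMNS:
        raise ValueError(f"directfilter rejected: {expr!r}")
    column, op, value = m.group(1), m.group(2), int(m.group(3))
    limit = 255 if column == "proto" else 65535
    if value > limit:
        raise ValueError(f"{column} value out of range: {value}")
    return f"{column}{op}{value}"


def build_forensics_request(report_name, devices, starttime, endtime,
                            dstports=(), directfilter=None, length=20, start=0):
    """Build the JSON body for a Table report from the fields documented above."""
    body = {
        "type": "Table",
        "reportName": report_name,
        # ip_address() raises ValueError on anything that is not an IP literal.
        "device": [str(ipaddress.ip_address(d)) for d in devices],
        "starttime": starttime,  # UTC milliseconds or relative, e.g. "2 hours"
        "endtime": endtime,
        "length": int(length),
        "start": int(start),
    }
    if dstports:
        ports = [int(p) for p in dstports]
        if any(not 0 <= p <= 65535 for p in ports):
            raise ValueError("dstport out of range")
        body["dstport"] = [str(p) for p in ports]  # documented as Array of Strings
    if directfilter is not None:
        body["directfilter"] = safe_directfilter(directfilter)
    return json.dumps(body)
```

Client-side validation of this kind only limits what a given integration can send; it does not replace server-side handling of directfilter.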