Observer GigaFlow

Documentation

Table of Contents

Observer GigaFlow Documentation

Documentation > Appendices > TCP Flags

Addresses As Sources And Dest Port By Dest Count (Edit?)

Table Query: select srcadd,dstport,count(distinct(dstadd)) as dstcount from netflow WHERECLAUSE group by srcadd,dstport ORDERBY LIMITROW
Table Value Field: dstcount
Graph Query: select FIRSTSEEN as afirstseen, srcadd,dstport,cast((count(distinct(dstadd))) as bigint) as dstcount from netflow WHERECLAUSE group by afirstseen,srcadd,dstport order by srcadd,dstport,dstcount,afirstseen asc
Graph Time Field: afirstseen
Graph Value Field: dstcount
Graph Key Field(s) separated by __: