Observer GigaFlow

Documentation

Application

  • The report name.
  • The associated table query, in this case:
    select srcadd as srcadd,dstadd as dstadd,appid as appid, cast((sum(bytes)*8) as bigint) as bits_total from netflow WHERECLAUSE group by srcadd,dstadd,appid ORDERBY LIMITROW
  • The table value field, in this case:
    bits_total
  • The graph query, in this case:
    select FIRSTSEEN as afirstseen,srcadd as srcadd,dstadd as dstadd,appid as appid, cast(sum((bytes)*8)/(MODER/1000) as bigint) as bits_avgsec from netflow  WHERECLAUSE group by afirstseen,srcadd,dstadd,appid order by srcadd,dstadd,appid,afirstseen
  • The graph time field, in this case:
    afirstseen
  • The graph value field, in this case:
    bits_avgsec
  • The graph key field(s), separated by "__", in this case:
    srcadd__dstadd__appid