Observer GigaFlow

Applications With Flow Count

Table Query: select appid ,count(*) as flowcount, count(distinct(srcadd)) as srccount, count(distinct(dstadd)) as dstcount, cast(sum(bytes*8)as bigint) as bits_total from netflow WHERECLAUSE group by appid ORDERBY LIMITROW
Table Value Field: flowcount
Graph Query: select FIRSTSEEN as afirstseen,appid ,count(*) as flowcount from netflow WHERECLAUSE group by afirstseen,appid order by flowcount,afirstseen asc
Graph Time Field: afirstseen
Graph Value Field: flowcount
Graph Key Field(s) separated by __: appid