Observer GigaFlow

Documentation

Table of Contents

Observer GigaFlow Documentation

Documentation > Appendices > Forensic Report Types > Duration Max

Duration Max

Table Query: select firstseen,duration,cast( spare as integer) as fpr,device,customerid as tgsrc,engineid as tgdst,srcadd,dstadd,srcport,dstport,appid,nexthop,srcmac,dstmac,inif,outif,pkts,bytes*8 as bits,flags,proto,tos,srcas,dstas from netflow WHERECLAUSE ORDERBY LIMITROW
Table Value Field: duration
Graph Query: select FIRSTSEEN as afirstseen,cast( max(duration) as bigint) as maxduration from netflow WHERECLAUSE group by afirstseen order by afirstseen
Graph Time Field: afirstseen
Graph Value Field: maxduration
Graph Key Field(s) separated by __: