Observer GigaFlow

Documentation

MAC Address Pairs

Table Query: select srcmac as srcmac,dstmac as dstmac, cast((sum(bytes)*8) as bigint) as bits_total from netflow WHERECLAUSE group by srcmac,dstmac ORDERBY LIMITROW
Table Value Field: bits_total
Graph Query: select FIRSTSEEN as afirstseen,srcmac as srcmac,dstmac as dstmac, cast(sum((bytes)*8)/(MODER/1000) as bigint) as bits_avgsec from netflow WHERECLAUSE group by afirstseen,srcmac,dstmac order by srcmac,dstmac,afirstseen
Graph Time Field: afirstseen
Graph Value Field: bits_avgsec
Graph Key Field(s) separated by __: srcmac__dstmac