Observer GigaFlow Documentation

Reporting

Located at Configuration > Reporting.

One of the difficult aspects of reporting on network flows is the number of possible field combinations, with 25+ fields in the extended range. GigaFlow records all fields for all flows with no summarization and no deduplication. GigaFlow allows you to create exactly the report you want.

You can change reporting settings here, in the General and Forensics Reports panels.

New Report Link

Allows you to add new entries to be displayed in the left-hand navigation under the Reports option.

You can enter:

  • The URL to be called (must be unique).
  • The name displayed in the left-hand menu for this URL.
  • Whether this URL should be opened in a new window (YES) or the GigaFlow main content frame (NO).

Import Report Link

Allows you to import a JSON representation of new entries to be displayed in the left-hand navigation under the Reports option.

General

You can edit the general reporting settings in this panel:

  • Default search period: select 1 day, 2 days, 7 days, 14 days or 21 days. The default selection is 1 day.
  • Forensics graph summary rows: select 5, 10, 20, 30, 40 or 50 rows. The default selection is 10 rows.
  • Default reporting period: the default reporting period is 10 minutes, i.e. the last 10 minutes of information will be presented.
  • Maximum number of table rows to return: select 1,000, 5,000, 10,000, 20,000, 50,000, 100,000 or 1,000,000. The default selection is 1,000,000.
  • Default Forensics Report: select which report should automatically run when going from a summary report to a forensics report. The default selection is Application Flows.
  • Show Cumulative Stacked Chart Values.
  • Show Stacked Charts.
  • Chart Format.
  • Chart Format Custom Settings.
  • Click Save Report Settings to save changes or Cancel to clear changes not submitted.

Forensics Reports

See Appendix > Forensic Report Types for a complete description of the different report types. See also Reports > Forensics for the Direct Filtering Syntax used by GigaFlow.

You can view and clone built-in forensics reports in this panel.

From the Report drop-down menu, select the report type to view or clone. The default selection is Application Flows. In the panel below, you can view:

  • The report name.
  • The associated table query, in this case:
select srcadd as srcadd,dstadd as dstadd,appid as appid, cast((sum(bytes)*8) as bigint) as bits_total from netflow WHERECLAUSE group by srcadd,dstadd,appid ORDERBY LIMITROW
  • The table value field, in this case:
bits_total
  • The graph query, in this case:
select FIRSTSEEN as afirstseen,srcadd as srcadd,dstadd as dstadd,appid as appid, cast(sum((bytes)*8)/(MODER/1000) as bigint) as bits_avgsec from netflow  WHERECLAUSE group by afirstseen,srcadd,dstadd,appid order by srcadd,dstadd,appid,afirstseen
  • The graph time field, in this case:
afirstseen
  • The graph value field, in this case:
bits_avgsec
  • The graph key field(s), separated by "__", in this case:
srcadd__dstadd__appid
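
To show how the fields of this report definition relate, the following added example (not GigaFlow code) runs the two queries above against constructed flow rows in an in-memory SQLite database. The expansions of WHERECLAUSE, ORDERBY, LIMITROW, FIRSTSEEN and MODER, the firstseen column in milliseconds, and the helper names are assumptions made for illustration; GigaFlow's own substitutions may differ.

```python
import sqlite3

# Report definition copied from the Application Flows panel above.
TABLE_QUERY = ("select srcadd as srcadd,dstadd as dstadd,appid as appid, "
               "cast((sum(bytes)*8) as bigint) as bits_total from netflow "
               "WHERECLAUSE group by srcadd,dstadd,appid ORDERBY LIMITROW")
GRAPH_QUERY = ("select FIRSTSEEN as afirstseen,srcadd as srcadd,dstadd as dstadd,"
               "appid as appid, cast(sum((bytes)*8)/(MODER/1000) as bigint) as bits_avgsec "
               "from netflow  WHERECLAUSE group by afirstseen,srcadd,dstadd,appid "
               "order by srcadd,dstadd,appid,afirstseen")
GRAPH_KEY_FIELDS = "srcadd__dstadd__appid"

def expand(template, start_ms, end_ms, bucket_ms, limit):
    """Fill the upper-case placeholders (assumed expansions, coerced to integers)."""
    subs = {
        "WHERECLAUSE": f"where firstseen >= {int(start_ms)} and firstseen < {int(end_ms)}",
        "ORDERBY": "order by bits_total desc",
        "LIMITROW": f"limit {int(limit)}",
        "FIRSTSEEN": f"(firstseen/{int(bucket_ms)})*{int(bucket_ms)}",  # bucket start
        "MODER": str(int(bucket_ms)),  # assumed: graph bucket width in ms
    }
    for name, sql in subs.items():
        template = template.replace(name, sql)
    return template

def run_report(conn, start_ms, end_ms, bucket_ms=60_000, limit=1000):
    """Return (table rows, {series key: [(bucket start, bits/s), ...]})."""
    conn.row_factory = sqlite3.Row
    args = (start_ms, end_ms, bucket_ms, limit)
    table = [tuple(r) for r in conn.execute(expand(TABLE_QUERY, *args))]
    series = {}
    for r in conn.execute(expand(GRAPH_QUERY, *args)):
        # One chart series per distinct combination of the graph key fields.
        key = "__".join(str(r[f]) for f in GRAPH_KEY_FIELDS.split("__"))
        series.setdefault(key, []).append((r["afirstseen"], r["bits_avgsec"]))
    return table, series

def sample_db():
    """Constructed flows; the firstseen column (ms) is an assumed schema detail."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table netflow (srcadd text, dstadd text, appid integer,"
                 " bytes integer, firstseen integer)")
    conn.executemany("insert into netflow values (?,?,?,?,?)", [
        ("10.0.0.5", "192.0.2.10", 443, 750_000, 5_000),
        ("10.0.0.5", "192.0.2.10", 443, 750_000, 30_000),
        ("10.0.0.5", "192.0.2.10", 443, 300_000, 65_000),
        ("10.0.0.7", "198.51.100.2", 53, 1_500, 10_000),
    ])
    return conn
```

Calling `run_report(sample_db(), 0, 120_000)` returns the table rows ordered by bits_total and one time series per srcadd__dstadd__appid key.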

To clone a report:

  • Enter the new cloned report name.
  • Click Clone Forensics Report to create the new cloned report.

Existing DSCP Names

  • This is a list of existing, editable DSCP names.
  • Click Save DSCP Names to commit any changes.

New DSCP Name

To add a new DSCP name:

  • Enter the DSCP number.
  • Enter the new name.
  • Click Save DSCP Name.

Existing Report Links

Lists the existing user-defined report URLs that are available from the left-hand navigation under the Reports option.

The table lists:

  • The URL to be called (must be unique).
  • The name displayed in the left-hand menu for this URL.
  • Whether this URL should be opened in a new window (YES) or the GigaFlow main content page (NO).