Observer GigaFlow

Sessions Flows

Table Query: select firstseen as firstseen,srcadd as srcadd,srcport as srcport,dstadd as dstadd,dstport as dstport,appid as appid,proto as proto, cast((sum(bytes)*8) as bigint) as bits_total from netflow WHERECLAUSE group by firstseen,srcadd,srcport,dstadd,dstport,appid,proto ORDERBY LIMITROW
Table Value Field: bits_total
Graph Query: select FIRSTSEEN as afirstseen,firstseen as firstseen,srcadd as srcadd,srcport as srcport,dstadd as dstadd,dstport as dstport,appid as appid,proto as proto, cast(sum((bytes)*8)/(MODER/1000) as bigint) as bits_avgsec from netflow WHERECLAUSE group by afirstseen,firstseen,srcadd,srcport,dstadd,dstport,appid,proto order by firstseen,srcadd,srcport,dstadd,dstport,appid,proto,afirstseen
Graph Time Field: afirstseen
Graph Value Field: bits_avgsec
Graph Key Field(s) separated by __: firstseen__srcadd__srcport__dstadd__dstport__appid__proto