Observer GigaFlow

Subnet Class C Destination By Dest IP Count

Table Query: select dstadd-modulus(dstadd,256) as dstsubnetc,count(distinct(dstadd)) as dstcount from netflow WHERECLAUSE group by dstsubnetc ORDERBY LIMITROW
Table Value Field: dstcount
Graph Query: select FIRSTSEEN as afirstseen, dstadd-modulus(dstadd,256) as dstsubnetc,cast((count(distinct(dstadd))) as bigint) as dstcount from netflow WHERECLAUSE group by afirstseen,dstsubnetc order by dstcount,afirstseen asc
Graph Time Field: afirstseen
Graph Value Field: dstcount
Graph Key Field(s) separated by __: dstsubnetc