Observer GigaFlow

Subnet Class C Source By Source IP Count

Table Query: select srcadd-modulus(srcadd,256) as srcsubnetc,count(distinct(srcadd)) as srccount from netflow WHERECLAUSE group by srcsubnetc ORDERBY LIMITROW
Table Value Field: srccount
Graph Query: select FIRSTSEEN as afirstseen, srcadd-modulus(srcadd,256) as srcsubnetc,cast((count(distinct(srcadd))) as bigint) as srccount from netflow WHERECLAUSE group by afirstseen,srcsubnetc order by srccount,afirstseen asc
Graph Time Field: afirstseen
Graph Value Field: srccount
Graph Key Field(s) separated by __: srcsubnetc