Then if you want more summarized data, you can always use aggregate functions (MIN, MAX, AVG, SUM, COUNT) and group from there.

ObservationTimeStamp >= GETUTCDATE() - 1 - Only show records from the last 24 hours (1 day)

By taking large volumes of data and turning them into applications through MS SQL Server, users can search, organize, and manipulate this data quickly and easily.

HIGHLY recommended to use the TOP XXX in the SELECT to prevent extremely long runtimes

Today, organizations turn to MS SQL Server to store data and support various business operations, such as administration or transaction processing.

There are other Flow source entities where the data has already been categorized. The Fields contain what you would expect for a Flow Record and the Navigation Properties are ways to link tables together without the need for traditional JOIN clauses. The Orion.Netflow namespace contains an entity I use frequently:. The best way to get to Flow Data is using the SolarWinds Query Language (SWQL).

When this post was originally drafted, the NetFlow Data was stored in a completely different way - either directly in the SolarWinds Orion Database or using a different technology (FastBit).

I created a new group, and observed that group 31 matches with SourceIP/DestinationIPGroupSegmentID of 114.

Can anyone explain how this is being calculated? If I can determine either where or how this mapping is done, I can definitely arrange some reporting based on IP Address Groups (and I think thwack could definitely use a few more posts on how to do custom Netflow reporting.)

The value that corresponds with ID 30 is 95 in the SourceIP/DestinationIPGroupSegmentID - 30 maps to 95. However the ID fields differ - and there is no common table I can find that links the two IDs to each other.

For instance - There are only 30 instances of IP Groups in the table - IDs 1-30.
I am attempting to write a swql query for netflow reporting and notice that the SourceIPGroupSegmentID/DestinationIPGroupSegmentID property (from ) are all linked to the table.

I'm wondering if anyone can assist with the following:

As referenced by my name, when I want to create a report/alert/etc I usually skip and go right to custom swql query