I am trying to get a Modern Dashboard set up with a clone of the Top 15 Conversations NTA Widget, but I don't seem to be able to get the formatting correct - and I need a bit of a sanity check as the query results in SWQL Studio differ greatly from the actual NTA widget.
Ultimately I want the Bytes columns to display in Megabytes, or in Gigabytes if it goes over 1024 Megabytes. But I am not sure if I can format the packet count to include an M or K for Million/Thousand.
SELECT TOP 15 SourceIP as A_IP, SourceHostname as A_Hostname, DestinationIP as B_IP, DestinationHostname as B_Hostname
, SUM(Bytes) as Bytes
, SUM(IngressBytes) as IngressBytes
, SUM(EgressBytes) as EgressBytes
, SUM(IngressPackets) as IngressPackets
, SUM(EgressPackets) as EgressPackets
, SUM(Packets) as Packets
FROM Orion.Netflow.FlowsByConversation
WHERE Timestamp >= ADDHOUR(-1, GETDATE())
GROUP BY SourceIP, DestinationIP, SourceHostname, DestinationHostname
ORDER BY Bytes DESC