Hello,
I am trying to create an alert and Custom report to show when certain flows were present in the last hour at certain sites on my network. However when I try to build a SWQL query to check for certain flows, I get the error "Not a valid IP Address". The Field is labeled a string in SWQL Studio. Why is it throwing this error?
SELECT Top 10 F.NodeID, SUM(F.TotalBytes) AS TotalBytes, NC.City, A.Name, F.SourceIP
From Orion.NetFlow.Flows AS F
LEFT JOIN Orion.Nodes N ON F.NodeID = N.NodeID
LEFT Join Orion.NodesCustomProperties NC ON N.NodeID = NC.NodeID
LEFT JOIN Orion.NetFlow.Applications A on A.ApplicationID = F.ApplicationID
Where (F.TimeStamp>=(GetUTCDate()-0.04167)) and F.SourceIP LIKE '%192.168.%'
GROUP BY F.SourceIP, F.NodeID, A.Name, NC.City
ORDER BY TotalBytes DESC
