Hello guys, I'm trying to get the latest (last hour) conversations between defined hosts.
For this purpose I use the following SWQL query:
SELECT DestinationIP, Packets, SourceIP, TimeStamp, ObservationTimeStamp, IngressBytes, EgressBytes, TotalBytes
FROM Orion.Netflow.FlowsByConversation WHERE SourceIP = 'X.X.X.X' AND TimeStamp > ADDHOUR(-1, getdate()) AND DestinationIP = 'X.X.X.X'
The issue is, I don't get any results.
If I edit the query and do ADDHOUR(-5, getdate()) I get results, but for the last 5 hours, and I want to see at the current time.
The end goal is to get the conversation for the last minute between hosts.
Any help would be appreciated!
Thank you!