• State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 27 subscribers
  • Views 1920 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Netflow DB - Need help understanding SQL Tables

shack

We use IP Groups and have a bunch of them.  Most of them have multiple ranges defined.  From what I understand traffic is tagged in the dbo.netflowflows table with the SourceIPGroupSegmentID.

The problem I am having is that I am not able to find traffic in dbo.netflowflows for a particular SourceIPGroupSegmentID however when I search in NTA via the GUI I'm able to see the traffic for the start and end range of the customers SourceIPGroupSegmentID.  

The other problem is that since upgrading to NTA: 2020.2.4 from NPM 12.3 and NTA 4.2.3 I'm not able to make sense of the IPGroups in the SQL DB.  Prior to upgrading when we added a new group it would add the Ranges to the NetflowIPExport table.  In 2020.2.4 it doesn't.  The new group does get added to NetFlowIPGroups table but it's just the groupID and Name.  Anyone know what table I would join to so that I could get the ranges?

  • 0

    Try getting at the data through the API via SWQL... SolarWinds makes every effort to keep SWQL consistent across upgrades but SQL is not guarenteed to be consistent (especially with such a major upgrade.)

    https://github.com/solarwinds/OrionSDK

    That said if you're motivated enough I'm sure it's in the DB... just a matter of finding it. I'm mobile now and don't have my dev environment in front of me currently to check.

  • 0

    Hello,

    Please see connections between segmentID in flows tables for swis and sql query. 

    SWIS Query:

    SELECT TOP 5 Segments.IPSegmentID, IPGroup.Name, Ranges.IPRangeStart, Ranges.IPRangeEnd FROM Orion.Netflow.IPAddressGroups AS IPGroup
LEFT JOIN Orion.NetFlow.IPGroupSegments Segments ON Segments.IPGroupID = IPGroup.IPAddressGroupID
LEFT JOIN Orion.Netflow.IPAddressGroupRanges Ranges ON Ranges.IPAddressGroupID =IPGroup.IPAddressGroupID

    IPSegmentID is either as SourceIPGroupSegmentID or as DestinationIPGroupSegmentID in swis entity table 'Orion.Netflow.Flows'


    SQL Query:

    SELECT TOP 5 Segments.IPSegmentID,IpGroups.Name, Ranges.IPRangeStart,Ranges.IPRangeEnd FROM SolarwindsOrion.dbo.NetFlowIPGroups AS IPGroups
LEFT JOIN SolarWindsFlowStorage.[dbo].[NetFlowIpGroupsIpSegments_View] Segments ON Segments.IPGroupID = IPGroups.IPGroupID
LEFT JOIN SolarwindsOrion.dbo.IPAddressGroups Ranges ON Ranges.IPAddressGroupID =Segments.IPGroupID

    IPSegmentID in 'NetFlowFlows' tables either as SourceIPGroupSegmentID or as DestinationIPGroupSegmentID

    Please let me know if you need more informations

    Regards Radek

  • 0 in reply to radekn

    We were able to get this working and have it all figured out now.  With NetflowIPExport no longer being the source of the IPSegment ID it was very confusing at first.  

    I do have a question though - What is the significance of the "versions" in the table NetflowStorageSegments?  We were unable to figure out why our Segments suddenly had so many different versions.

  • 0 in reply to radekn

    We were using the SDK before but after getting upgraded our query no longer worked as it was looking for IPSegmentID's from a table that is no longer in use(NetflowIPExport)

  • 0 in reply to shack

    Hello,

    In table NetFlowStorageSegments the "Versions" column is there to help distinguish last changes of existing IP group so NTA knows that previous versions of the same IP segments for this IP group are not valid anymore. So in query we should take into account only maximum version of IP segment  as the most actual version of IP group / IP segment change.

    Regards Radek

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.