Netflow DB - Need help understanding SQL Tables

We use IP Groups and have a bunch of them.  Most of them have multiple ranges defined.  From what I understand traffic is tagged in the dbo.netflowflows table with the SourceIPGroupSegmentID.

The problem I am having is that I am not able to find traffic in dbo.netflowflows for a particular SourceIPGroupSegmentID however when I search in NTA via the GUI I'm able to see the traffic for the start and end range of the customers SourceIPGroupSegmentID.  

The other problem is that since upgrading to NTA: 2020.2.4 from NPM 12.3 and NTA 4.2.3 I'm not able to make sense of the IPGroups in the SQL DB.  Prior to upgrading when we added a new group it would add the Ranges to the NetflowIPExport table.  In 2020.2.4 it doesn't.  The new group does get added to NetFlowIPGroups table but it's just the groupID and Name.  Anyone know what table I would join to so that I could get the ranges?

Parents
  • Hello,

    Please see connections between segmentID in flows tables for swis and sql query. 

    SWIS Query:

    SELECT TOP 5 Segments.IPSegmentID, IPGroup.Name, Ranges.IPRangeStart, Ranges.IPRangeEnd FROM Orion.Netflow.IPAddressGroups AS IPGroup
    LEFT JOIN Orion.NetFlow.IPGroupSegments Segments ON Segments.IPGroupID = IPGroup.IPAddressGroupID
    LEFT JOIN Orion.Netflow.IPAddressGroupRanges Ranges ON Ranges.IPAddressGroupID =IPGroup.IPAddressGroupID

    IPSegmentID is either as SourceIPGroupSegmentID or as DestinationIPGroupSegmentID in swis entity table 'Orion.Netflow.Flows'


    SQL Query:

    SELECT TOP 5 Segments.IPSegmentID,IpGroups.Name, Ranges.IPRangeStart,Ranges.IPRangeEnd FROM SolarwindsOrion.dbo.NetFlowIPGroups AS IPGroups
    LEFT JOIN SolarWindsFlowStorage.[dbo].[NetFlowIpGroupsIpSegments_View] Segments ON Segments.IPGroupID = IPGroups.IPGroupID
    LEFT JOIN SolarwindsOrion.dbo.IPAddressGroups Ranges ON Ranges.IPAddressGroupID =Segments.IPGroupID

    IPSegmentID in 'NetFlowFlows' tables either as SourceIPGroupSegmentID or as DestinationIPGroupSegmentID

    Please let me know if you need more informations

    Regards Radek

  • We were using the SDK before but after getting upgraded our query no longer worked as it was looking for IPSegmentID's from a table that is no longer in use(NetflowIPExport)

Reply Children
No Data