Hello Fellow Thwackers,
As referenced by my name, when I want to create a report/alert/etc I usually skip and go right to custom swql query
I'm wondering if anyone can assist with the following :
I am attempting to write a swql query for netflow reporting and notice that the SourceIPGroupSegmentID/DestinationIPGroupSegmentID property (from Orion.Netflow.Flows) are all linked to the Orion.Netflow.SourceIPGroup table.
However the ID fields differ - and there is not common table I can find that links the two IDs to each other.
For instance - There are only 30 instances of IP Groups in the Orion.Netflow.SourceIPGroup table - IDs 1-30.
The value that corresponds with ID 30 is 95 in the SourceIP/DestinationIPGroupSegmentID - 30 maps to 95.
I created a new group, and observed that group 31 matches with SourceIP/DestinationIPGroupSegmentID of 114.
Can anyone explain how this is being calculated? If I can determine either where or how this mapping is done, I can definitely arrange some reporting based on IP Address Groups (and I think thwack could definitely use a few more posts on how to do custom Netflow reporting...)
Thank you -