This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

NTA Top Conversations Query Bytes value formatting

I am trying to get a Modern Dashboard set up with a clone of the Top 15 Conversations NTA Widget, but I don't seem to be able to get the formatting correct - and I need a bit of a sanity check as the query results in SWQL Studio differs greatly from the actual NTA widget.

Ultimately I want the Bytes columns to display in Megabytes, or in Gigabytes if it goes over 1024 Megabytes. But I am not sure if I can format the packet count to include an M or K for Million/Thousand.

SELECT TOP 15 SourceIP as A_IP, SourceHostname as A_Hostname, DestinationIP as B_IP, DestinationHostname as B_Hostname

  , SUM(Bytes) as Bytes

  , SUM(IngressBytes) as IngressBytes

  , SUM(EgressBytes) as EgressBytes

  , SUM(IngressPackets) as IngressPackets

  , SUM(EgressPackets) as EgressPackets

  , SUM(Packets) as Packets

FROM Orion.Netflow.FlowsByConversation

WHERE Timestamp >= ADDHOUR(-1, GETDATE())

GROUP BY SourceIP, DestinationIP, SourceHostname, DestinationHostname

ORDER BY Bytes DESC