I am trying to get a Modern Dashboard set up with a clone of the Top 15 Conversations NTA Widget, but I don't seem to be able to get the formatting correct - and I need a bit of a sanity check as the query results in SWQL Studio differ greatly from the actual NTA widget.
Ultimately I want the Bytes columns to display in Megabytes, or in Gigabytes if it goes over 1024 Megabytes. But I am not sure if I can format the packet count to include an M or K for Million/Thousand.
SELECT TOP 15
    SourceIP as A_IP,
    SourceHostname as A_Hostname,
    DestinationIP as B_IP,
    DestinationHostname as B_Hostname,
    SUM(Bytes) as Bytes,
    SUM(IngressBytes) as IngressBytes,
    SUM(EgressBytes) as EgressBytes,
    SUM(IngressPackets) as IngressPackets,
    SUM(EgressPackets) as EgressPackets,
    SUM(Packets) as Packets
FROM Orion.Netflow.FlowsByConversation
WHERE Timestamp >= ADDHOUR(-1, GETDATE())
GROUP BY SourceIP, DestinationIP, SourceHostname, DestinationHostname
ORDER BY Bytes DESC