7 Replies Latest reply on Aug 1, 2016 5:44 AM by andrew.grech@tattsgroup.com

    Req SWQL Query Advice - NTA Check If SourceIP Exists

    andrew.grech@tattsgroup.com

      Hey, I'm currently running this SWQL (SWIS) query:

       

      SELECT SourceIP, SUM(EgressBytes) AS TotalEgressBytes
      FROM Orion.Netflow.FlowsByIP
      WHERE TimeStamp > GetDate()-2 AND TimeStamp < GetDate()-1
        AND SourceIP >= '10.0.0.1' AND SourceIP < '10.0.0.254'
      GROUP BY SourceIP
      

       

      I'm using this query to check if a SourceIP is in use. (I probably don't need to sum the EgressBytes, but I'm just doing it for now.)

       

      My main goal is to feed in the range of IP addresses and, for each IP, return True or False if the SourceIP column exists.

       

      I had a play around with "Case \ If exists" but have been having issues. Also, this query is very slow if I increase the date range. I'd love some assistance.

       

      Thanks!
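
An added example, not part of the original post: one way to get the per-address True/False result client-side from the rows the query above returns. The row shape (dicts with a `SourceIP` key), the function name `presence_by_ip` and the sample rows are assumptions made for illustration. Addresses are compared numerically, with the upper bound exclusive as in the query.

```python
import ipaddress

def presence_by_ip(rows, first, last_exclusive):
    """Map every address in [first, last_exclusive) to True/False.

    rows: result rows of the query above, assumed to be dicts with a
    'SourceIP' key (hypothetical shape; adapt to your SWIS client).
    """
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last_exclusive)
    if lo >= hi:
        raise ValueError("empty range")
    seen = set()
    for row in rows:
        try:
            ip = ipaddress.ip_address(str(row.get("SourceIP", "")).strip())
        except ValueError:
            continue  # skip blank or malformed values
        # Numeric comparison; as strings '10.0.0.3' sorts after '10.0.0.254'.
        if ip.version == 4 and lo <= ip < hi:
            seen.add(ip)
    # One entry per address in the range, in ascending order.
    return {str(ipaddress.IPv4Address(n)): ipaddress.IPv4Address(n) in seen
            for n in range(int(lo), int(hi))}

# Constructed sample rows, not real NetFlow data.
SAMPLE_ROWS = [
    {"SourceIP": "10.0.0.3", "TotalEgressBytes": 1200},
    {"SourceIP": "10.0.0.25", "TotalEgressBytes": 88},
    {"SourceIP": "10.0.1.7", "TotalEgressBytes": 5},   # outside the range
    {"SourceIP": "fe80::1", "TotalEgressBytes": 9},    # IPv6, ignored
    {"SourceIP": "", "TotalEgressBytes": 0},           # malformed, skipped
]

if __name__ == "__main__":
    result = presence_by_ip(SAMPLE_ROWS, "10.0.0.1", "10.0.0.254")
    for ip, used in result.items():
        if used:
            print(ip, used)
```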