1 of 1 people found this helpful
Played with it in my lab and it seems like the timestamp seems to do some kind of localization, when I run it from my laptop I get the most recent times in PST but when I run the same query directly on my lab server they show up in UTC. I added a tolocal function, and you can skip filtering on the nodeid since interface id's are globally unique, let me know if that works better for you.
SELECT top 1000
tolocal(timestamp) as time,
NodeID as node,
InterfaceIDRx as Interface,
EgressBytes AS eBytes,
IngressBytes AS iBytes,
TotalBytes AS TotalBytes
FROM Orion.NetFlow.Flows AS flow
InterfaceIDRx = xxx
GROUP BY timestamp,node,eBytes, iBytes,TotalBytes,Interface
Hi mesverrum.. thanks for the reply.. i will give at a try.. do you have any other query to show netflow information for a particular interface or is my above query good enough ?? i want to create a dashboard that shows netflow traffic from routers interface that connects to different sites... would appreciate your advice as i am not so good with coding
This looks like a decent query to track what you say you want. One thing you may want to keep in mind with a chart like this is that netflow by default filters to the top 95th percentile of traffic, so this chart would never be 100% accurate and won't match exactly to what you see if you just set up a total bps chart for the same interface, should be close but not exact.