3 Replies Latest reply on Dec 23, 2017 3:51 PM by cscoengineer

    NTA and SWQL


      Hi!!   I'm trying to pull some information for NetFlow using SWQL and can't seem to get a relative time.


      I saw some examples on thwack and have tried to use it to grab some domain info, but am getting the error: The parameter(s) 'Filter, Limit, Rx, Tx, TopKey' are missing for entity Orion.NetFlow.DomainsTop.


      The doc I found for relative time is a bit out of date and the filter does not work.

      How to fetch Total Ingress & Egress Bytes for Orion.NetFlow.IPAddressGroups using SDK


      Any ideas on getting relative time into the Filter for getting information from the Orion.NetFlow.DomainsTop table?




        • Re: NTA and SWQL

          stibi, can you help here?

          • Re: NTA and SWQL



            First of all I would recommend using different entities as the entities that have suffix 'Top' or 'Detail' are used for specific resources. Instead you can use Orion.NetFlow.Flows or any other Orion.NetFlow.FlowsBy entity.

            Changing the entity will also simplifies relative time that you want to accomplish. One way is to use function GetUTCDate():


            SELECT COUNT(Bytes) AS numberOfRow FROM Orion.NetFlow.FlowsByDomain WHERE TimeStamp > (GETUTCDATE() - 1.5)

            - 1.5 means last 36 hours.


            Second approach is for reports that you can create on website. It is using macros that will allow you to specify the relative or absolute time.


            SELECT TimeStamp, SUM(Bytes) AS BB

            FROM Orion.NetFlow.Flows

            WHERE TimeStamp > ${FromTimeUTC} AND TimeStamp < ${ToTimeUTC}

            GROUP BY TimeStamp


            There is another example for those macros on Unable to add data series for a report's SQL-driven custom chart

            1 of 1 people found this helpful