3 Replies Latest reply on Dec 23, 2017 3:51 PM by cscoengineer

    NTA and SWQL

    cscoengineer

      Hi!!   I'm trying to pull some information for NetFlow using SWQL and can't seem to get a relative time.

       

      I saw some examples on thwack and have tried to use it to grab some domain info, but am getting the error: The parameter(s) 'Filter, Limit, Rx, Tx, TopKey' are missing for entity Orion.NetFlow.DomainsTop.

       

      The doc I found for relative time is a bit out of date and the filter does not work.

      How to fetch Total Ingress & Egress Bytes for Orion.NetFlow.IPAddressGroups using SDK

       

      Any ideas on getting relative time into the Filter for getting information from the Orion.NetFlow.DomainsTop table?

       

      Thanks

      Amit

        • Re: NTA and SWQL
          tdanner

          stibi, can you help here?

          • Re: NTA and SWQL
            stibi

            Hi

             

            First of all I would recommend using different entities as the entities that have suffix 'Top' or 'Detail' are used for specific resources. Instead you can use Orion.NetFlow.Flows or any other Orion.NetFlow.FlowsBy entity.

            Changing the entity will also simplifies relative time that you want to accomplish. One way is to use function GetUTCDate():

             

            SELECT COUNT(Bytes) AS numberOfRow FROM Orion.NetFlow.FlowsByDomain WHERE TimeStamp > (GETUTCDATE() - 1.5)

            - 1.5 means last 36 hours.

             

            Second approach is for reports that you can create on website. It is using macros that will allow you to specify the relative or absolute time.

             

            SELECT TimeStamp, SUM(Bytes) AS BB

            FROM Orion.NetFlow.Flows

            WHERE TimeStamp > ${FromTimeUTC} AND TimeStamp < ${ToTimeUTC}

            GROUP BY TimeStamp

             

            There is another example for those macros on Unable to add data series for a report's SQL-driven custom chart

            1 of 1 people found this helpful