1 Reply Latest reply on Mar 7, 2012 6:08 AM by Martin.Krivanek

    How to fetch Total Ingress & Egress Bytes for Orion.NetFlow.IPAddressGroups using SDK

    narain.arun

      Hi All,

      I have SWQL Studio and NTA installed. I created multiple IP Address Groups and would like to get Ingress and Egress Bytes for a particular IPAddressGroup using SWQL Studio. What inputs should I give in the SWQL query to fetch the Ingress and Egress byte count?

       

      This is the SWQL on right side pane from Orion.NetFlow.IPAddressGroupsConversationsTop:

      SELECT ConversationID, SourceIPGroupID, DestinationIPGroupID, SourceIPGroupName, DestinationIPGroupName, NodeID, InterfaceID, TotalBytes, TotalPackets, TotalBytesIngress, TotalBytesEgress, TotalPacketsIngress, TotalPacketsEgress
      FROM Orion.NetFlow.IPAddressGroupsConversationsTop
      WHERE SourceIPGroupName='Airoli-Axis'

      I am getting the below output when I execute the SQL Query:

      "The parameters 'Filter,Limit,Topkey' are missing for entry Orion.NetFlow.IPAddressGroupsConversationsTop"

      Has anyone tested the above who can help me out?

       

      Thanks in advance

      Arun

        • Re: How to fetch Total Ingress & Egress Bytes for Orion.NetFlow.IPAddressGroups using SDK
          Martin.Krivanek

          Hi Arun,

          These queries are not as user-friendly as others, because some NTA schemas are intended for internal use only. They're designed to be called from our framework on the web. The syntax differs based on the NTA version:

          Here is the query for NTA 3.8:
          SELECT GroupID, GroupName, NodeID, InterfaceID, TotalBytes, TotalPackets, TotalBytesIngress, TotalPacketsIngress
          FROM Orion.NetFlow.IPAddressGroupsTop(Filter='NSF:T:2012-02-23T06:42:00~2012-02-23T07:40:00;FD:Ingress;G:6', Limit=5, Rx=True, Tx=True, TopKey='')
          --Explanation of the parameters:
          Filter:
                  T: Time Period Filter with the following parameter:
                          [string] can be one of the following:
                                  1. Time range in UTC format FromUtc~ToUtc (as in the example).
                                  2. Relative time period such as Last 15 minutes (T:Last 15 minutes).
                  FD: Flow Direction filter with the following options: [Ingress / Egress / Both]
                  G: [int array] IP Address group filter. Can contain one or more IDs of IPGroups. E.g.: G:6,5,1 shows data just for IP Groups 6 or 5 or 1.
          Limit:
                  [int] - The limit of returned rows (like top X)
          Rx, Tx:
                  [Bool] - Show data for Rx and/or Tx. One of those values always has to be true!
          TopKey:
                  [string] - Show data just for this key (IpGroupID in this case)

          Here is the query for NTA 3.9:
          SELECT GroupID, GroupName, NodeID, InterfaceID, TotalBytes, TotalPackets, TotalBytesIngress, TotalPacketsIngress
          FROM Orion.NetFlow.IPAddressGroupsTop(Filter='NSF:TD:2012-02-23T06:42:00~2012-02-23T07:40:00,1,True,True;FD:Ingress;G:6', Limit=5, Rx=True, Tx=True, TopKey='')
          There's only one difference, in the T parameter: in 3.9 we use TD instead of T. The main difference between T and TD is that TD doesn't support relative time periods and always requires an absolute time period in UTC format. It also requires some additional parameters to specify more precisely what we want from data storage.
          TD has the following definition:
                  TD: Time Period Filter with the following parameters:
                          1. [string] - Time range in UTC format FromUtc~ToUtc. A relative time frame such as Last 15 minutes can't be used here.
                          2. [int] - Sample / Granularity in minutes. 1 means 1 minute granularity of returned data.
                          3. [bool] - IncludeEndTime. Determines if the last interval will be included in the returned data.
                          4. [bool] - CanUseAggregated. Determines if the data can be returned from aggregated data if possible (like Endpoints, Applications, ...). For IP Groups this is ignored.

          Hopefully it helps; if something is still unclear, I'll be glad to explain.

          Unfortunately, the mentioned NTA schemas aren't intended as a public API. They are designed for internal purposes as a layer between the DB and the Web. These NTA SWIS schemas can change significantly at any time without any limitation. That's the reason why there isn't any public documentation for those schemas.

          Regards,

          Martin
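
The Filter syntax described in the reply above, as an added Python sketch that is not part of the original thread or of the SolarWinds SDK: it assembles the `IPAddressGroupsTop` query for the NTA 3.8 (`T`) and 3.9 (`TD`) forms and validates each value before it is placed in the query string. The function names, the character whitelist for relative periods and the start-before-end check are assumptions of this example.

```python
import re
from datetime import datetime

COLUMNS = ("GroupID, GroupName, NodeID, InterfaceID, TotalBytes, TotalPackets, "
           "TotalBytesIngress, TotalPacketsIngress")  # column list from the reply

def _utc(ts):
    # Caller passes naive datetimes already in UTC; format as in the reply.
    return ts.strftime("%Y-%m-%dT%H:%M:%S")

def build_filter(nta_version, period, group_ids, direction="Ingress",
                 granularity=1, include_end=True, can_use_aggregated=True):
    """Return the Filter string for IPAddressGroupsTop (NTA 3.8 or 3.9)."""
    if nta_version not in ("3.8", "3.9"):
        raise ValueError("only the 3.8 and 3.9 syntaxes are described")
    if direction not in ("Ingress", "Egress", "Both"):
        raise ValueError("FD must be Ingress, Egress or Both")
    ids = [int(g) for g in group_ids]   # int() rejects non-numeric input
    if not ids:
        raise ValueError("at least one IP group ID is required")
    if isinstance(period, str):         # relative period, e.g. "Last 15 minutes"
        if nta_version == "3.9":
            raise ValueError("TD requires an absolute UTC range")
        if not re.fullmatch(r"[A-Za-z0-9 ]+", period):  # assumed whitelist
            raise ValueError("unexpected characters in relative period")
        time_part = f"T:{period}"
    else:
        start, end = period
        if start >= end:                # assumed sanity check
            raise ValueError("FromUtc must be earlier than ToUtc")
        span = f"{_utc(start)}~{_utc(end)}"
        if nta_version == "3.8":
            time_part = f"T:{span}"
        else:                           # TD: range, granularity, two bools
            time_part = (f"TD:{span},{int(granularity)},"
                         f"{bool(include_end)},{bool(can_use_aggregated)}")
    return f"NSF:{time_part};FD:{direction};G:{','.join(map(str, ids))}"

def build_query(nta_version, period, group_ids, direction="Ingress",
                limit=5, rx=True, tx=True, **td_options):
    if not (rx or tx):
        raise ValueError("one of Rx/Tx must always be True")
    flt = build_filter(nta_version, period, group_ids, direction, **td_options)
    return (f"SELECT {COLUMNS}\n"
            f"FROM Orion.NetFlow.IPAddressGroupsTop(Filter='{flt}', "
            f"Limit={int(limit)}, Rx={bool(rx)}, Tx={bool(tx)}, TopKey='')")

if __name__ == "__main__":
    window = (datetime(2012, 2, 23, 6, 42), datetime(2012, 2, 23, 7, 40))
    print(build_query("3.9", window, [6]))
```

The returned string is the text to paste into SWQL Studio or hand to an SDK client; with the time window and group ID from the reply it reproduces both example Filter values.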