1 Reply Latest reply on Jan 28, 2014 11:30 AM by curtisi

    complex nDepth query design


      I am experiencing difficulty in creating a query for nDepth that will show me the following information.


      I have traffic that I am trying to locate that could be sourced from a group of 4 IP addresses.


      This traffic could have a destination of a group of 3 IP addresses.


      The problem I am having is how to create this in the search builder.  I seem to have created the condition correctly to isolate all traffic that is sourced from any of the 4 IP addresses, but I cannot figure out how to further filter those results to only the traffic destined for the group of 3 IP addresses.


      If someone could help make this look a little less than mud I would appreciate it.


      What is the correct procedure for ordering conditions in the search builder?


      I currently have an individual Group for each TCPTrafficAudit.SourceMachine.  Each is configured with an OR Boolean logic.  The bubble that contains all of these groups also has an OR statement, which I believe should be an AND statement.  I then should be able to add my TCPTrafficAudit.DestinationMachine groups below this each with an OR statement.

        • Re: complex nDepth query design

          I think I might have the 4 and 3 backwards, but I think something like this would work:


          [Screenshot: 2014-01-28 10_28_26-SolarWinds Log and Event Manager Console.png]


          If it's ANY of the Destination IPs, group 1 is true.

          If it's ANY of the Source IPs, group 2 is true.

          If group 1 AND group 2 is true, the criteria are met.
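
The grouping described in the reply above, modelled as a small boolean tree so the effect of the outer operator can be checked against sample events. This is an added example, not part of the original thread and not SolarWinds code: the `cond`, `group`, `matches` and `search` helpers are hypothetical, and all IP addresses and events are constructed. Only the two field names come from the question.

```python
# Added example: nested search-builder groups modelled as a boolean tree.
# All IP addresses and events below are constructed sample data.
SRC = "TCPTrafficAudit.SourceMachine"
DST = "TCPTrafficAudit.DestinationMachine"
SOURCES = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
DESTINATIONS = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]

def cond(field, value):
    """Leaf condition: the event's field equals value."""
    return ("COND", field, value)

def group(op, *children):
    """Group node: op ('AND' or 'OR') is applied across its children."""
    if op not in ("AND", "OR"):
        raise ValueError(f"unsupported operator: {op}")
    return (op, children)

def matches(node, event):
    """Evaluate a condition/group tree against one event dict."""
    if node[0] == "COND":
        _, field, value = node
        return event.get(field) == value
    op, children = node
    results = (matches(child, event) for child in children)
    return all(results) if op == "AND" else any(results)

src_group = group("OR", *(cond(SRC, ip) for ip in SOURCES))
dst_group = group("OR", *(cond(DST, ip) for ip in DESTINATIONS))

# Layout from the reply: (any destination) AND (any source).
wanted = group("AND", dst_group, src_group)
# Outer operator left as OR: either side alone is enough to match.
too_broad = group("OR", dst_group, src_group)

EVENTS = [  # constructed
    {SRC: "192.0.2.10", DST: "198.51.100.2"},   # source listed, destination listed
    {SRC: "192.0.2.11", DST: "203.0.113.50"},   # source listed, destination not
    {SRC: "203.0.113.7", DST: "198.51.100.3"},  # source not, destination listed
    {SRC: "203.0.113.7", DST: "203.0.113.50"},  # neither listed
]

def search(query, events=EVENTS):
    """Return the indexes of the events that satisfy the query tree."""
    return [i for i, e in enumerate(events) if matches(query, e)]

if __name__ == "__main__":
    print("AND of groups:", search(wanted))
    print("OR of groups: ", search(too_broad))
```

With the outer operator set to AND only the first event matches; with OR the second and third events are returned as well, which is the over-matching described in the question.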