    Getting NTA 4's Top Conversations via REST or SOAP API


      I've been searching a bit for how to construct a query for Top Conversations in SWQL Studio, or even just via curl, but haven't been too successful. I did find this thread discussing NTA 3:

      Problem getting data using SWQL studio from Orion.Netflow.ConversationsTop NTA 3.11


      Is NTA 4 still only using the SOAP interface? Does anyone have pointers for getting data out using a simple tool like curl? Even just getting the Top 5 Conversations over all devices would be a good start.

          With NTA 4.0, you can use the SWISv3 endpoint to execute the following sample SWQL query to get the top 5 conversations by total bytes:


          SELECT TOP 5 SourceIP as A_IP, SourceHostname as A_Hostname, DestinationIP as B_IP, DestinationHostname as B_Hostname
            , SUM(Bytes) as Bytes
            , SUM(IngressBytes) as IngressBytes
            , SUM(EgressBytes) as EgressBytes
            , SUM(IngressPackets) as IngressPackets
            , SUM(EgressPackets) as EgressPackets
            , SUM(Packets) as Packets
          FROM Orion.Netflow.FlowsByConversation
          WHERE Timestamp > '2014-03-11 12:00:00' AND Timestamp <= '2014-03-11 13:00:00' -- specify the time range
          GROUP BY SourceIP, DestinationIP, SourceHostname, DestinationHostname
          ORDER BY Bytes DESC
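
Added example, not part of the original thread and not SolarWinds' own code: one way to send the query above to the SWIS v3 JSON endpoint from Python, passing the time range as SWQL parameters rather than pasting it into the query string, with TLS verification left on. The host name, port 17778 and the /Json/Query path follow the Orion SDK's REST convention and are assumptions here, as are the function names; the column list is shortened.

```python
import base64
import json
import ssl
import urllib.request
from datetime import datetime

# Assumed endpoint layout (Orion SDK REST convention); the host is a placeholder.
SWIS_URL = "https://orion.example.com:17778/SolarWinds/InformationService/v3/Json/Query"

SWQL_TEMPLATE = (
    "SELECT TOP {top} SourceIP AS A_IP, SourceHostname AS A_Hostname, "
    "DestinationIP AS B_IP, DestinationHostname AS B_Hostname, "
    "SUM(Bytes) AS Bytes, SUM(Packets) AS Packets "
    "FROM Orion.Netflow.FlowsByConversation "
    "WHERE Timestamp > @start AND Timestamp <= @end "
    "GROUP BY SourceIP, DestinationIP, SourceHostname, DestinationHostname "
    "ORDER BY Bytes DESC"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def build_payload(top, start, end):
    """Return the JSON body for the query, rejecting malformed input."""
    # TOP is interpolated into the query text, so it must be a plain bounded integer.
    if not isinstance(top, int) or isinstance(top, bool) or not 1 <= top <= 1000:
        raise ValueError("top must be an integer between 1 and 1000")
    # strptime raises ValueError on anything that is not a bare timestamp.
    t0, t1 = (datetime.strptime(v, TS_FORMAT) for v in (start, end))
    if t0 >= t1:
        raise ValueError("start must be earlier than end")
    return {"query": SWQL_TEMPLATE.format(top=top),
            "parameters": {"start": start, "end": end}}


def build_request(payload, user, password, url=SWIS_URL):
    """Build (but do not send) the authenticated POST request."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"})


def top_conversations(user, password, top, start, end, cafile=None):
    """Send the query; certificate verification stays on (pass cafile for a private CA)."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = build_request(build_payload(top, start, end), user, password)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)["results"]
```

Use a read-only Orion account for the credentials, since Basic authentication sends them with every request.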

