• State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 24 subscribers
  • Views 190 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SWQL Studio not able to access/ read all the tables

rawwinton

Hi,

I would like to check what are the constrains with SQWL to do queries as there were some tables that I was unable to query from.

Examples of such tables are:

Orion.Netflow.FlowsByDomain

Orion.Netflow.FlowsByIP

I got a time out error (Pls see attached) based on the following statement as well as they system generated select query

SELECT ApplicationID, Bytes
FROM Orion.Netflow.FlowsByIP
order by Bytes
with rows 1 to 5

or

SELECT top 10 ApplicationID, Bytes
FROM Orion.Netflow.FlowsByIP

Regards,

Rawwinton

  • 0

    Which version of NTA do you have? Are you trying to interrogate the flow storage database or the main Orion database?

  • 0

    Rawwinton,


    Your queries span obviously too much data to process as there are no efficient time constraints or any other filtering criteria.


    The first query orders all the netflow records by Bytes values, however Bytes column is not indexed, thus the query needs to go through all the records. Once processed, first 5 records are returned.

    The second query is similar, although one could think that it takes just first 10 records (no ordering, grouping, etc.) which should be fast. However, there is no such optimization as typical TOP queries usually orders records before.

  • 0

    Tom is right, such queries require time constraint to work properly.

    The easiest fix would be:

    SELECT TOP 10 ApplicationID, Bytes
    

    FROM Orion.Netflow.FlowsByIP
    

    WHERE (TimeStamp >= '2015-06-01 10:00:00') AND (TimeStamp <= '2015-06-01 16:00:00')

    If you're after top 10 applications by bytes, I would start with something like this:

    SELECT TOP 10 ApplicationID, f.Application.Name, SUM(Bytes) AS TotalBytes
    

    FROM Orion.Netflow.Flows f
    

    WHERE (TimeStamp >= '2015-06-01 10:00:00') AND (TimeStamp <= '2015-06-01 16:00:00')
    

    GROUP BY ApplicationID, f.Application.Name
    

    ORDER BY TotalBytes DESC

    Regards,

    Martin

  • 0

    Thanks for all the replies had gotten it to work. emoticons_happy.png

    Rawwinton

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.