0 Replies Latest reply on Oct 29, 2015 3:46 PM by ckwasnicki

    NTA 4.0 Entity Model


      At NTA 4.0 Entity Model · solarwinds/OrionSDK Wiki · GitHub bottom of the page is the following query


      -- query top 10 IP conversations in the first hour of the year 2014

      SELECT TOP 10 f.SourceIP, f.DestinationIP, SUM(f.Bytes) as TotalBytes

      FROM Orion.Netflow.FlowsByConversation f

      WHERE f.TimeStamp > '2014-01-01 00:00:00' AND f.TimeStamp <= '2014-01-01 01:00:00'

      GROUP BY f.SourceIP, f.DestinationIP

      ORDER BY SUM(f.Bytes) DESC

      When I run this (changing the date and number of top conversations to report naturally) to match the report generated on the Orion web interface "NetFlow Conversations Summary", I do not get similar results.  Some of the flows are close enough (within rounding errors) but others are way off, some are not reported .

      Is my theory that I should be able to match (and validated) the SQL in this manner valid?