I am attempting to generate the results I get from Flow Navigator when I filter by Citrix ports (1494, 2598) using an SWQL query within the SWQL Studio.
I currently have the following:
SELECT ApplicationName, MapTo, TotalBytes, TotalBytesIngress, TotalBytesEgress
FROM Orion.NetFlow.ApplicationsTop(Filter='NSF:TD:2015-03-23T04:00:00~2015-03-23T19:00:00,1,True,True;FD:Both', Limit=1000, Rx=True, Tx=True, TopKey='1494')
The above gives me all instances of traffic from all interfaces matching port 1494. I am wanting to do a GROUP BY clause to get the SUM of traffic based on port 1494 in one row but I can't figure out the correct syntax to do so. I can't simply do a "GROUP BY AppID" as this does not filter the results without a SUM function under the SELECT clause.
Furthermore, I don't know how to filter by both port 1494 and 2598 using the filter above (TopKey does not accept more than one value).
Finally, I would love to be able to use DATEPART commands in the query like the following in order to exclude non-business hours:
(
(DATEPART(weekday, DateTime) > 1) AND
(DATEPART(weekday, DateTime) < 7) AND
(DatePart(Hour,DateTime) >= 4) AND
(DatePart(Hour,DateTime) <= 19)
)
However, SWQL Studio states "Unable to resolve property weekday".
Any assistance would be greatly appreciated.