TopN
Group By Options
The information provided by the opFlowSP API can be filtered to that information provided under opFlowSP TopN Options.
- The opFlowSP primary option group_by changes to implement these filters;
- The opCharts template also changes as follows:
- The template name property must change to an appropriate string as each template name needs to be different;
- The template options{titleText} should change to an appropriate string value too;
- The template external_url should change as follows:
- external_url changes from the # character and is exactly that provided at the end of the URL in the browser addressbar for each option at opFlowSP->View->TopN->Options;
- external_url changes from the # character and is exactly that provided at the end of the URL in the browser addressbar for each option at opFlowSP->View->TopN->Options;
- the template table_schema changes for each option as per the JSON returned by opFlowSP:
- table_schema does require analysing the JSON returned by opFlowSP and setting table schema to best reflect the equivalent columnar structure in opFlowSP TopN Options.
Top Applications View
"group_by" : ["application"]
Example:
thor_asgard_top_applications_flow.json
Top Application Sources View
"group_by" : ["src_ip","application"]
Example:
thor_asgard_top_application_sources_flow.json
Top Application Conversations View
"group_by" : ["src_ip","dst_ip","application"]
Top Listeners View
"group_by" : ["dst_ip"]
Top Protocols View
"group_by" : ["proto"]
Top Talkers View
"group_by" : ["src_ip"]
Example:
thor_asgard_top_talkers_flow.json
Top TOS View
"group_by" : ["tos"]