FAQ

Apex filter syntax

Benoît Neviani
Benoît Neviani • 17 September 2024
in group Users Group
0 comments 
ipServer 10.135.33.72-10.135.33.77 and (ipClient 10.135.31.102 or ipClient 10.135.31.103 or ipClient 10.135.161.48)

------------------------------------------------------------------------------------------------------------------------------------------

(ipServer 10.135.33.72-10.135.33.77 and app CIFS\SMB and (ipClient 10.135.77.8-10.135.77.10 or ipClient 10.135.31.102-10.135.31.103 or ipClient 10.135.161.48)) or ipServer 10.115.146.55 and (ipClient 10.115.146.104 or ipClient 10.115.146.105 or ipClient 10.115.146.106)

-----------------------------------------------------------------------------------------------------------------------------------------------

(ipServer 100.64.5.145 or ipServer 100.64.5.129 and (app TCP8114-8115 or app TCP8214-8215)) or (ipServer 10.115.150.55-10.115.150.56 and (ipClient 10.115.150.100 or ipClient 10.115.150.101) and app TCP10100) or (ipServer 10.115.146.55 and (ipClient 10.115.146.100 or ipClient 10.115.146.101) and app TCP6003-6004) or (ipServer 100.64.4.1 or ipServer 100.64.4.2 and app TCP8238) or (ipServer 100.64.4.81 or ipServer 100.64.4.82 and app TCP33001 or app TCP33005)

------------------------------------------------------------------------------------------------------------------------------------------------

For all the “non-VoIP” custom dashboards, you can use either of these filters:

not ip <insert Apex IP>

or

not app ‘Observer TCP’  --> verify the spelling of the Observer app by selecting it in the main App system dashboard so it goes up to the filter.

------------------------------------------------------------------------------------------------------------------------------------------------

Did you know that you can use a DNS name to do a filter from a widget or dashboard or business group?

Simply put in a filter string as follows:

ipServer ‘DNS_NAME’

This will return all data from the resolved DNS name. note APEX must have DNS resolution enabled & have access to a DNS server for resolution.

image-1673450212733.png

 

Apex Data Fields for NetFlow Data:

  • All data fields from NetFlow are derived from two flow fields: Packets and Bytes
  • Bytes Total, Bytes Rx, Bytes Tx,
  • Bytes / sec, Bits / sec
  • Packets Total, Packets Rx, Packets Tx, Packets / sec

Filters for Flow data:

Key FieldFilters
AS:  Autonomous Systemas
Application: The Application Name (as configured in GigaFlow)app
DSCP: QoS DiffServdscp
Data Source: The GigaFlow server that collected the datadataSource
Device: The Router or Infrastructure device that transited the trafficdevice
Interface: The Router or Infrastructure interface that transited the trafficinterface
IP Protocol: TCP, UDP, etcipProto
MAC Address: As collected / assembled by GigaFlowmac
Site: The Site, as configured in Apexsite
Subnet: The named subnet, as configured in Apexsubnet
IP Addressip

Enclose the filter value in single quotes, e.g.: ip '10.147.11.65'

Be the first one to comment

Please log in or sign up to comment.