Event & Netflow Query

Jul 8th, 2009


How do I run a query to see how many events have been received over the last 3 weeks, and the same for the number of netflow events?

I'm probably missing something simple, but I can only seem to get the info from the summary page, where you are limited to hour, day, week, month, etc.

Thanks in advance.


ldardon Tue, 07/14/2009 - 14:45

This should allow you to see netflow events on the MARS:

- Go to the 'Query/Reports' page.

- Next to 'Query type:' click the link.

- Select 'All Matching Events' from the dropdown.

- Choose a timeframe (a period of days, or watch in real time, etc.)

- Click 'Apply'.

- Click the 'Submit Inline' button.

Results should then appear. You can fine-tune this based on src/dest IP or port, etc. However, this should show you a bunch of the netflow data so that you can browse it.

Also, the best way is to use the tcpdump command for that IP address and check for the NetFlow data.

