Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Event & Netflow Query

Hi

How do I run a query to see how many events have been received over the last 3 weeks? and the same for the number of netflow events?

I'm probably missing something simple, but can only seem to get the info from the summary page where you are limited to hour, day, week, month etc.

Thanks in advance.

Terry

1 REPLY
Community Member

Re: Event & Netflow Query

This should allow you to see netflow events on the MARS:

- Go to the 'Query/Reports' page.

- Next to 'Query type:' click the link.

- Select 'All Matching Events' from the dropdown.

- Choose a timeframe (a period of days, or watch in real time, etc.)

- Click 'Apply'.

- Click the 'Submit Inline' button.

Results should then appear. You can fine tune this based on src/dest IP or port, etc. However, this should show you a bunch of the netflow data so that you can browse it.

And also the best way is to use the tcpdump command for that IP address and check for the NetFlow data.

180
Views
0
Helpful
1
Replies
CreatePlease to create content