The following columns, listed with their definitions, can be used when setting up a flow tracker query.


Column/Definition

APPLICATION
The application or traffic port (such as HTTP)
PROTOCOL
The traffic protocol (such as TCP or UDP)
INPUT_SNMP
Input interface index used by SNMP (ifIndex in IF-MIB)
OUTPUT_SNMP
Output interface index used by SNMP or zero if the packet was dropped
IPV4_SRC_ADDR
IP address that the packet originated from (source address)
IPV4_DST_ADDR
IP address that the packet was sent to (destination address)
SRC_COUNTRY
Country code of the source IP address (e.g. ZA for South Africa)
DST_COUNTRY
Country code of the destination IP address
EXADDR
The IP address of the device the flows originated from


Here is an example of a flow tracker query:

(IPV4_SRC_ADDR=192.168.0.1/24 OR IPV4_SRC_ADDR=10.0.0.1/24) AND APPLICATION=80 AND EXADDR=192.168.0.254

The above query searches the flow data for packets that originated from either the 192.168.0.1/24 subnet or the 10.0.0.1/24 subnet, that went over HTTP, and where the flow data was sent from the device with the IP address 192.168.0.254.
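To check what a query like this selects before relying on it, the sketch below evaluates the same query against a few constructed flow records. It is an added example, not the product's own code: the names matches, term_matches and FLOWS are hypothetical, and it assumes AND binds tighter than OR, that address columns match by subnet membership, and that other columns compare as text.

```python
import re
from ipaddress import ip_address, ip_network

ADDR_FIELDS = {"IPV4_SRC_ADDR", "IPV4_DST_ADDR", "EXADDR"}
TOKEN = re.compile(r"\s*(\(|\)|AND\b|OR\b|[A-Z0-9_]+=[^\s()]+)")
QUERY = ("(IPV4_SRC_ADDR=192.168.0.1/24 OR IPV4_SRC_ADDR=10.0.0.1/24) "
         "AND APPLICATION=80 AND EXADDR=192.168.0.254")  # query from the page
# Constructed sample flows: (source address, application port) pairs
FLOWS = [dict(IPV4_SRC_ADDR=s, APPLICATION=a, EXADDR="192.168.0.254")
         for s, a in [("192.168.0.57", 80), ("10.0.1.9", 80), ("192.168.0.57", 443)]]

def term_matches(term, flow):
    field, value = term.split("=", 1)
    if field in ADDR_FIELDS:
        # strict=False accepts a network written with host bits set (192.168.0.1/24)
        return ip_address(flow[field]) in ip_network(value, strict=False)
    return str(flow[field]) == value  # assumption: other columns compare as text

def matches(query, flow):
    tokens = TOKEN.findall(query) + [None]  # None marks the end of the query
    if "".join(tokens[:-1]) != "".join(query.split()):
        raise ValueError("unrecognised text in query")
    pos = 0
    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]
    def atom():
        tok = take()
        if tok == "(":
            result = either()
            if take() != ")":
                raise ValueError("missing )")
            return result
        if tok is None or "=" not in tok:
            raise ValueError(f"expected COLUMN=value, got {tok!r}")
        return term_matches(tok, flow)
    def level(op, operand, join):
        result = operand()
        while tokens[pos] == op:
            take()
            result = join(operand(), result)
        return result
    def both(): return level("AND", atom, lambda a, b: a and b)  # assumed tighter than OR
    def either(): return level("OR", both, lambda a, b: a or b)
    result = either()
    if tokens[pos] is not None:
        raise ValueError(f"unexpected {tokens[pos]!r}")
    return result
```

Under the assumed precedence, removing the parentheses from the query makes the third sample flow (port 443) match as well, so the grouping around the two source subnets should be kept.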