The following columns (with their definitions) can be used when setting up a flow tracker query.
||The application or traffic port (such as HTTP)
||The traffic protocol (such as TCP or UDP)
|INPUT_SNMP||Input interface index used by SNMP (ifIndex in IF-MIB)|
||Output interface index used by SNMP or zero if the packet was dropped
||IP address that the packet originated from (source address)
||IP address that the packet was sent to (destination address)
||IP address source country code (e.g. ZA for South Africa)
||IP address destination country code
|EXADDR||The IP address of the device the flows originated from.
Here is an example of a flow tracker query:
(IPV4_SRC_ADDR=192.168.0.1/24 OR IPV4_SRC_ADDR=10.0.0.1/24) AND APPLICATION=80 AND EXADDR=192.168.0.254
The above query searches the flow data for packets that originated from either the 192.168.0.1/24 subnet or the 10.0.0.1/24 subnet, that went over HTTP, and where the flow data was sent from the device with the IP address 192.168.0.254.
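To make the matching concrete, here is an added example (not part of the product or of the original page) that evaluates the query above against four constructed flow records. It assumes that AND binds tighter than OR and that any column whose name contains "ADDR" holds an IP address; `cond_matches`, `evaluate`, `FLOWS` and `MATCHES` are hypothetical names.

```python
import ipaddress
import re

# Added illustration, not the product's parser. Assumptions: AND binds tighter
# than OR, and any column whose name contains "ADDR" holds an IP address.
def cond_matches(cond, flow):
    column, value = cond.split("=", 1)
    if column not in flow:
        return False
    if "ADDR" in column:  # strict=False: 192.168.0.1/24 means 192.168.0.0/24
        net = ipaddress.ip_network(value, strict=False)
        return ipaddress.ip_address(flow[column]) in net
    return str(flow[column]) == value

def evaluate(query, flow):
    tokens = re.findall(r"\(|\)|[A-Z0-9_]+=[^\s()]+|AND|OR", query)
    if "".join(tokens) != "".join(query.split()):
        raise ValueError("unrecognised text in query")
    def factor():  # one COLUMN=value condition, or a parenthesised expression
        if not tokens or tokens[0] in (")", "AND", "OR"):
            raise ValueError("expected a condition or '('")
        tok = tokens.pop(0)
        if tok != "(":
            return cond_matches(tok, flow)
        result = expr()
        if not tokens or tokens.pop(0) != ")":
            raise ValueError("missing ')'")
        return result
    def term():  # factor AND factor ...
        result = factor()
        while tokens and tokens[0] == "AND":
            tokens.pop(0)
            result = factor() and result
        return result
    def expr():  # term OR term ...
        result = term()
        while tokens and tokens[0] == "OR":
            tokens.pop(0)
            result = term() or result
        return result
    result = expr()
    if tokens:
        raise ValueError(f"unexpected token {tokens[0]!r}")
    return result

QUERY = "(IPV4_SRC_ADDR=192.168.0.1/24 OR IPV4_SRC_ADDR=10.0.0.1/24) AND APPLICATION=80 AND EXADDR=192.168.0.254"
FLOWS = [dict(zip(("IPV4_SRC_ADDR", "APPLICATION", "EXADDR"), r)) for r in (  # constructed
    ("192.168.0.77", 80, "192.168.0.254"), ("10.0.0.9", 443, "192.168.0.254"),
    ("10.0.0.9", 80, "192.168.0.253"), ("172.16.0.5", 80, "192.168.0.254"))]
MATCHES = [f for f in FLOWS if evaluate(QUERY, f)]  # only the first record matches
```

Because 192.168.0.1/24 is written with host bits set, the example treats it as the network 192.168.0.0/24, which is the reading the explanation above gives.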