Here are the columns/definitions that can be used in the query when setting up a flow track query.
| Column/Definition |
|
| APPLICATION |
The application or traffic port (such as HTTP) |
| PROTOCOL |
The traffic protocol (such as TCP or UDP) |
| INPUT_SNMP | Input interface index used by SNMP (ifIndex in IF-MIB) |
| OUTPUT_SNMP |
Output interface index used by SNMP or zero if the packet was dropped |
| IPV4_SRC_ADDR |
IP address that the packet originated from (source address) |
| IPV4_DST_ADDR |
IP address that the packet was sent to (destination address) |
| SRC_COUNTRY |
IP address source country code (eg. ZA for South Africa) |
| DST_COUNTRY |
IP address destination country code |
| EXADDR | The IP address of the device the flows originated from. |
Here is an example of a flow tracker query:
(IPV4_SRC_ADDR=192.168.0.1/24 OR IPV4_SRC_ADDR=10.0.0.1/24) AND APPLICATION=80 AND EXADDR=192.168.0.254
The above query will search for the flow data for any packet/s that originated from either the 192.168.0.1/24 subnet or 10.0.0.1/24 subnet that went over HTTP and where the flow data was sent from the device with the IP address of 192.168.0.254.