
Events and Flows Query Examples

 

Use or edit query examples to create events and flows queries that you can use for your AQL searches.

Use the following query examples to get information about events and flows in your network or edit these examples to build your own custom queries.

Event Rates and Flow Rates for Specific Hosts

This query outputs the AVG_Value, Metric ID, and Hostname columns from the events or flows database for the last 15 minutes.

The AVG_Value column returns a value for the average flow or event rate over the last 15 minutes for the host that is named in the Hostname column.

EPS Rates by Log Source

This query outputs the My Log Sources and EPS_Rates columns from events.

The My Log Sources column returns log source names and the EPS_Rates column returns the EPS rates for each log source in the last two hours.

Event Counts and Event Types Per Day

This query outputs the Date of log source, Description of event, and count of event columns from events.

The date of the event, description of event, and count of events are returned for the last four days.

Monitoring Local to Remote Flow Traffic by Network

This query outputs the sourceip and TotalBytes columns.

The TotalBytes column returns the sum of the source and destination bytes that cross from local to remote.

Monitoring Remote to Local Flow Traffic by Network

This query outputs the sourceip and TotalBytes columns.

The TotalBytes column returns the sum of the source and destination bytes from remote to local.
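
The two flow-traffic queries described above, written out as an added AQL example (not the guide's own query text). The network name 'servers', the descending sort, and the 24-hour window are assumptions; substitute a name from your own network hierarchy.

```sql
-- Local to remote: total bytes per local source address.
-- Hosts that sort to the top are the heaviest outbound talkers,
-- which makes this a useful starting point for egress reviews.
SELECT sourceip,
       LONG(SUM(sourcebytes + destinationbytes)) AS TotalBytes
FROM flows
WHERE flowdirection = 'L2R'
  AND NETWORKNAME(sourceip) ILIKE 'servers'   -- assumed network name
GROUP BY sourceip
ORDER BY TotalBytes DESC
LAST 24 HOURS

-- Remote to local: total bytes per remote source address.
-- Here sourceip is the external host, so the network filter is
-- applied to the local destination instead.
SELECT sourceip,
       LONG(SUM(sourcebytes + destinationbytes)) AS TotalBytes
FROM flows
WHERE flowdirection = 'R2L'
  AND NETWORKNAME(destinationip) ILIKE 'servers'   -- assumed network name
GROUP BY sourceip
ORDER BY TotalBytes DESC
LAST 24 HOURS
```

Run each statement as a separate search; the quotation marks here are plain ASCII single quotes.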

Copying Query Examples from the AQL Guide

If you copy and paste a query example that contains single or double quotation marks from the AQL Guide, you must retype the quotation marks to be sure that the query parses.