At NTA 4.0 Entity Model · solarwinds/OrionSDK Wiki · GitHub bottom of the page is the following query
-- query top 10 IP conversations in the first hour of the year 2014
SELECT TOP 10f.SourceIP, f.DestinationIP, SUM(f.Bytes) as TotalBytes
FROMOrion.Netflow.FlowsByConversation f
WHEREf.TimeStamp>'2014-01-01 00:00:00'ANDf.TimeStamp<='2014-01-01 01:00:00'
GROUP BYf.SourceIP, f.DestinationIP
ORDER BYSUM(f.Bytes) DESC
When I run this (changing the date and number of top conversations to report naturally) to match the report generated on the Orion web interface "NetFlow Conversations Summary", I do not get similar results. Some of the flows are close enough (within rounding errors) but others are way off, some are not reported .
Is my theory that I should be able to match (and validated) the SQL in this manner valid?
Thanks