| Help : Query : Parameter : resultField |
Results returned as a table containing whichever columns were requested using resultField.
| Field Definitions | ||
|---|---|---|
| Category | Field | Description |
| Key Field | time | The time at the start of the interval. |
| seconds | The time at the start of the interval in seconds since 1 Jan 1970 GMT. | |
| sourceAddress | Source address. | |
| sourceName | Domain name of source. | |
| sourcePort | Source port. | |
| sourcePortName | "Well known" port name for source port. | |
| destinationAddress | Destination address. | |
| destinationName | Domain name of destination. | |
| destinationPort | Destination port. | |
| destinationPortName | "Well known" port name for destination port. | |
| sourceAS | AS number for source address. | |
| sourcePeerAS | AS number for peer network on path to source address. | |
| destinationAS | AS number for destination address. | |
| destinationPeerAS | AS number for peer network on path to destination address. | |
| protocolGroup | Name for service identified by source and destination ports (Configured using protocol.group setting). | |
| Value Field | frames | Number of frames in interval for given keys. |
| framesVariance | Variance in the number of frames. | |
| framesSDEV | Standard deviation in the number of frames. | |
| framesLower | Lower bound (95% confidence) on the number of frames. | |
| framesUpper | Upper bound (95% confidence) on the number of frames. | |
| bytes | Number of bytes in interval for given keys. | |
| bytesVariance | Variance in the number of bytes. | |
| bytesSDEV | Standard deviation in the number of bytes. | |
| bytesLower | Lower bound (95% confidence) on the number of bytes. | |
| bytesUpper | Upper bound (95%) confidence) on the number of bytes. | |
| count(key1,key2..) | Count the number of distinct key values and collapse the
rows, returning the count. For example, resultField=sourceAddress,count(destinationAddress,clientPort) will return the source addresses along with a count of the number of destination address, port combinations. |
|
If key fields are omitted, then the result will be aggregated, ensuring that each row represents a unique combination of keys.
Result fields are specified as a list of field names. For example,
resultField=sourceAddress,destinationAddress,frames,bytes would return a table with the specified columns.