Creating a Traffic Flow Filter
To create a traffic flow filter:
-
Go to Monitor > FlowIQ.
-
Click Network tab or Application tab if you want to see network-level or application-level traffic details, respectively.
-
Click the FlowIQ view tab that relates to the type of information you want (Overview, Trends, Geolocation, Records, Flow). When you set a filter, the results will show across all views.
-
Use the Time Period options to adjust the time period that applies to the traffic information you want (Last 60 Minutes, Last 24 Hours, Last 7 Days, or a custom timeframe). You may need to wait for the Refresh Data process to complete.
-
To add conditions to your filter, you can manually add them in the Filters box. In some FlowIQ views, such as the Overview and Geolocation views, you can add conditions to your filter by simply clicking on any managed-resource metric value that is listed to the right of the donut charts.
-
To manually add a filter, click in the Filters box.
-
In Select a metric, specify the condition for your filter. If your filter has multiple conditions, click + Add Condition for each condition to define.
-
For each condition, select the traffic flow property, operator, and property value that will filter the traffic the way you want.
-
Click Save.
The traffic flow filter is created and stored as a saved view.
Using Traffic Flow Quick Filters
In FlowIQ, CoPilot automatically creates flow filter rules or quick filters for a host’s IP address or port. After you enter a host’s IP address or port number, CoPilot shows all traffic flows sent to and received from that IP address or port in FlowIQ charts. The quick filters are available in the custom rule dialog if you want to use them in a custom flow query.
Quick filter created when typing an IP address:
( Source IP Address = IP_address OR Destination IP Address = IP_address )
Quick filter created when typing a port number:
( Source Port = port_number OR Destination Port = port_number )
To use FlowIQ quick filters:
-
Go to the CoPilot > Monitor > FlowIQ page, type an IP address or port number in the Filters field, set the desired time period to analyze flow data for, and hit Enter or click Apply.
Each chart in the FlowIQ page is updated to show all traffic for those IP address or port filters.
-
Click the down arrow (v) in the Filters box to open the custom rules dialog.
-
To delete a quick filter, hover over its entry and click the Delete icon.
-
To add more rules to build a custom query, click + Add condition or + Add group as needed.
-
After setting all conditions, click Apply.
-
To save a custom filter view, click Save View.