EQuery Query




Keywords: select, groupby, where, when

Format: query_name: select <fields> groupby <fields> where <condition> when <condition>;

Keywords Fields Required
select src_addr, dst_addr, src_port, dst_port, protocol, tcp_seq, tcp_ack, tcp_win, stime, ltime, total_count, total_byte, ploss_count, ploss_byte, ip_ttl, ip_tos, dmac, smac Yes
groupby same as select No
where src_addr, dst_addr, src_port, dst_port, protocol, amis_id(uk, fiu, starlight) No
when tcp_win, total_count, total_byte, ploss_count, ploss_byte, ip_ttl, ip_tos No