Creating a Traffic Flow Filter

In FlowIQ, you can use filter options to limit the traffic flow data displayed so you can focus on specific aspects of your network. When you select filter options, the results will show across all views in FlowIQ. You can save the filter options you select as a reusable custom view.

All FlowIQ views are available to anyone with access to FlowIQ. Anyone with permissions to create a view can also modify any view.

To create a traffic flow filter and save it as a custom view, complete the following steps.

  1. Go to Monitor > FlowIQ.

  2. Click the FlowIQ view tab that relates to the type of information you want.

    The view options are Overview, Trends, Geolocation, Records, and Flows.

  3. Use the Time Period options to adjust the time period that applies to the traffic information you want.

    The options are Last 60 Minutes, Last 24 Hours, Last 7 Days, or a custom timeframe.

    It might take a few seconds for the Refresh Data process to complete.

  4. Click the Filters field to select conditions and values to add to your filter.

    In the Overview and Geolocation views, you can also add conditions to your filter by clicking on any managed-resource metric value that is listed to the right of the donut charts.

    You can add up to ten filter conditions.

    1. In Select a metric, specify the condition for your filter.

      If your filter has multiple conditions, click + Add Condition for each condition to define.

    2. For each condition, select the traffic flow property, operator, and property value that will filter the traffic the way you want.

  5. Click Apply to view the changes without saving them.

  6. Click Save View to retain the changes.

    1. In the Save dialog window, enter a name for a new view or select an existing view (to overwrite) and click Save.

      You cannot retrieve an overwritten view.

    2. Verify that the new view displays at the bottom of the list of views and close the Save dialog box.

The traffic flow filter is created and stored as a reusable custom view.

Using Traffic Flow Quick Filters

In FlowIQ, CoPilot automatically creates flow filter rules or quick filters for a host’s IP address or port. After you enter a host’s IP address or port number, CoPilot shows all traffic flows sent to and received from that IP address or port in FlowIQ charts. The quick filters are available in the custom rule dialog if you want to use them in a custom flow query.

Quick filter created when typing an IP address:

( Source IP Address = IP_address OR Destination IP Address = IP_address )

Quick filter created when typing a port number:

( Source Port = port_number OR Destination Port = port_number )

To use FlowIQ quick filters:

  1. Go to the CoPilot > Monitor > FlowIQ page, type an IP address or port number in the Filters field, set the desired time period to analyze flow data for, and hit Enter or click Apply.

    Each chart in the FlowIQ page is updated to show all traffic for those IP address or port filters.

  2. Click the down arrow (v) in the Filters box to open the custom rules dialog.

  3. To delete a quick filter, hover over its entry and click the Delete icon.

  4. To add more rules to build a custom query, click + Add condition or + Add group as needed.

  5. After setting all conditions, click Apply.

  6. To save a custom filter view, click Save View.