| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| en:dpi:qoe:qoe_filters:start [2024/09/20 14:13] – elena.krasnobryzh | en:dpi:qoe:qoe_filters:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 |
|---|
| {{indexmenu_n>4}} | |
| ======Filters in QoE reports====== | |
| |
| |
| =====Lists filters available in QoE Analytics sections===== | |
| ====Netflow==== | |
| ^ Field ^ Explanation ^ Frequently used operators ^ | |
| | Host | Host Name. \\ Examples: \\ zen.yandex.ru. \\ *.mail.ru \\ 149.154.167.151:80 | ''=''\\ ''like'' | | |
| | Subscriber | Subscriber IP address | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Login | Numeric designation of the subscriber in the billing system | ''=''\\ ''like'' | | |
| | Host IP | Host IP address | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Protocol | Net protocol \\ Example: TCP 6 | ''=''\\ ''like'' | | |
| | App protocols groups | The filter value is selected from a drop-down list with protocol groups | ''in''\\ ''not in'' | | |
| | Application protocol | Example: https 443 | ''=''\\ ''like'' | | |
| | Subscriber`s AS number | The AS number assigned to a particular subscriber. \\ Each request to or from a subscriber has the same AS number | ''=''\\ ''like'' | | |
| | Host`s AS number | The AS number assigned to a specific host. \\ Each request to or from a host has the same AS number | ''=''\\ ''like'' | | |
| | Host category | The filter value is selected from a drop-down list with categories | ''in''\\ ''not in'' | | |
| | Infected traffic category | Available Categories: \\ Botnet hosts (Kaspersky)\\ Malicious hosts (Kaspersky)\\ Phishing hosts (Kaspersky) | ''in''\\ ''not in'' | | |
| | Vchannel/Bridge | Vchannel - vChannel number \\ Bridge - number of the bridge through which the traffic goes \\ \\ The field specifies the Vchannel **or** Bridge value sent by DPI. Depending on the mode of operation, it sends either Bridge or Vchannel to which this or that IP has fallen. | ''=''\\ ''like'' | | |
| | Post nat source IPv4-address | An IP address converted from private to public by NAT to communicate with external devices and access the Internet | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Post nat source port | A port converted by NAT from private to public for communicating with external devices and accessing the Internet | ''=''\\ ''like'' | | |
| | Class | Traffic classes cs0 through cs7. \\ See [[en:dpi:dpi_options:use_cases:qs_rateplans:start|]] for more details. \\ \\ 0 — cs0 \\ 1 — cs1 \\ ... \\ 7 — cs7 | ''=''\\ ''like'' | | |
| | DSCP | Extended traffic class values. See [[en:dpi:dpi_options:opt_priority:start|]] for details. | ''=''\\ ''like'' | | |
| | Traffic direction | Possible values: \\ From subscriber \\ To subscriber | ''=''\\ ''!='' | | |
| | MPLS labels | Labels responsible for the transmission of data packets on the network.\\ It is transmitted in base64 format. Example: ''C7pB/w=='' | ''=''\\ ''like'' | | |
| |
| ====Raw full netflow==== | |
| ^ Field ^ Explanation ^ Frequently used operators ^ | |
| | Session ID | Session identifier\\ Example: 101292583003281746 | ''=''\\ ''like'' | | |
| | Source IPv4-address | IPv4 address of the request source. \\ If the request is **from** a subscriber - the subscriber address will be specified here, if vice versa - the host address | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Source IPv6-address | IPv6 address of the request source. \\ If the request is **from** a subscriber - the address of the subscriber will be specified here, if vice versa - the address of the host | ''=''\\ ''like'' | | |
| | Source port | Port of the request source. \\ If the request is **from** a subscriber - the port of the subscriber will be specified here, if vice versa - the port of the host | ''=''\\ ''like'' | | |
| | Source AS number | AS number of the request source. \\ If the request is **from** a subscriber - the subscriber's AS will be specified here, if vice versa - the host's AS. | ''=''\\ ''like'' | | |
| | Destination IPv4-address | IPv4 address of the request recipient. \\ If the request is directed **to** the host - the host address will be specified here, if vice versa - the address of the subscriber | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Destination IPv6-address | IPv6 address of the request recipient. \\ If the request is directed **to** the host - the host address will be specified here, if vice versa - the address of the subscriber | ''=''\\ ''like'' | | |
| | Destination port | Port of the request recipient. \\ If the request is directed **to** the host - the host port will be specified here, if vice versa - the subscriber's port | ''=''\\ ''like'' | | |
| | Destination AS number | AS number of the request recipient. \\ If the request is sent **to** the host, the host's AS will be specified here, if vice versa - the subscriber's AS. | ''=''\\ ''like'' | | |
| | Net protocol | Example: TCP 6 | ''=''\\ ''like'' | | |
| | Application protocol | Example: https 443 | ''=''\\ ''like'' | | |
| | App protocols groups | The filter value is selected from a drop-down list with protocol groups | ''in''\\ ''not in'' | | |
| | Login | Numeric designation of the subscriber in the billing system | ''=''\\ ''like'' | | |
| | Subscriber | Subscriber IP address | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Subscriber`s AS number | The AS number assigned to a particular subscriber. \\ Each request to or from a subscriber has the same AS number | ''=''\\ ''like'' | | |
| | Subscriber`s port | A port assigned to a specific subscriber. \\ Each request to or from a subscriber has the same port | ''=''\\ ''like'' | | |
| | Host | Host Name. \\ Examples: \\ zen.yandex.ru. \\ *.mail.ru \\ 149.154.167.151:80 | ''=''\\ ''like'' | | |
| | Host`s AS number | The AS number assigned to a particular subscriber. \\ Each request to or from a subscriber has the same AS number | ''=''\\ ''like'' | | |
| | Host`s port | A port assigned to a specific host. \\ Every request to or from a host is the same port | ''=''\\ ''like'' | | |
| | Host IP | Host IP address | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Vchannel/Bridge | Vchannel - vChannel number \\ Bridge - number of the bridge through which the traffic goes \\ \\ The field specifies the Vchannel **or** Bridge value sent by DPI. Depending on the mode of operation, it sends either Bridge or Vchannel to which this or that IP has fallen. | ''=''\\ ''like'' | | |
| | Post nat source IPv4-address | An IP address converted from private to public by NAT to communicate with external devices and access the Internet | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Post nat source port | A port converted by NAT from private to public for communicating with external devices and accessing the Internet | ''=''\\ ''like'' | | |
| | Traffic direction | Possible values: \\ From subscriber \\ To subscriber | ''=''\\ ''!='' | | |
| | VLAN ID | The identifier of the VLAN through which traffic entered.\\ Specified by a number, example: 4038 | ''=''\\ ''like'' | | |
| | Post VLAN ID | The identifier of the VLAN through which the traffic exited.\\ Specified by a number, example: 4031 | ''=''\\ ''like'' | | |
| | MPLS labels | Labels responsible for the transmission of data packets on the network.\\ It is transmitted in base64 format. Example: ''C7pB/w=='' | ''=''\\ ''like'' | | |
| | Class | Traffic classes cs0 through cs7. \\ See [[en:dpi:dpi_options:use_cases:qs_rateplans:start|]] for more details. \\ \\ 0 — cs0 \\ 1 — cs1 \\ ... \\ 7 — cs7 | ''=''\\ ''like'' | | |
| | DSCP | Extended traffic class values. See [[en:dpi:dpi_options:opt_priority:start|]] for details. | ''=''\\ ''like'' | | |
| | Octet delta | Traffic difference (in bytes) at the beginning and at the end of the specified period | ''=''\\ ''like'' | | |
| | Packet delta | Difference of IP packets at the beginning and at the end of the specified period | ''=''\\ ''like'' | | |
| |
| ====Clickstream==== | |
| ^ Field ^ Explanation ^ Frequently used operators ^ | |
| | Host | Host Name. \\ Examples: \\ zen.yandex.ru. \\ *.mail.ru \\ 149.154.167.151:80 | ''=''\\ ''like'' | | |
| | Subscriber | Subscriber IP address | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Login | Numeric designation of the subscriber in the billing system | ''=''\\ ''like'' | | |
| | Device | Allows you to understand from which device the request was made | ''=''\\ ''like'' | | |
| | Host IP | Host IP address | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Url | Domain + address where the subscriber went to | ''=''\\ ''like'' | | |
| | Host category | The filter value is selected from a drop-down list with categories | ''in''\\ ''not in'' | | |
| | Infected traffic category | Available Categories: \\ Botnet hosts (Kaspersky)\\ Malicious hosts (Kaspersky)\\ Phishing hosts (Kaspersky) | ''in''\\ ''not in'' | | |
| | Vchannel/Bridge | Vchannel - vChannel number \\ Bridge - number of the bridge through which the traffic goes \\ \\ The field specifies the Vchannel **or** Bridge value sent by DPI. Depending on the mode of operation, it sends either Bridge or Vchannel to which this or that IP has fallen. | ''=''\\ ''like'' | | |
| | Locked | Possible values: \\ 0 - **un**locked traffic \\ 1 - locked traffic | ''=''\\ ''!='' | | |
| | Traffic direction | Possible values: \\ From subscriber \\ To subscriber | ''=''\\ ''!='' | | |
| |
| ====Raw clickstream==== | |
| ^ Field ^ Explanation ^ Frequently used operators ^ | |
| | Session ID | Session identifier\\ Example: 101292583003281746 | ''=''\\ ''like'' | | |
| | Source IPv4-address | IPv4 address of the request source. \\ If the request is **from** a subscriber - the subscriber address will be specified here, if vice versa - the host address | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Destination IPv4-address | IPv4 address of the request recipient. \\ If the request is directed **to** the host - the host address will be specified here, if vice versa - the address of the subscriber | ''=''\\ ''like''\\ ''in CIDR’s''\\ ''not in CIDR’s'' | | |
| | Source IPv6-address | IPv6 address of the request source. \\ If the request is **from** a subscriber - the address of the subscriber will be specified here, if vice versa - the address of the host | ''=''\\ ''like'' | | |
| | Destination IPv6-address | IPv6 address of the request recipient. \\ If the request is directed **to** the host - the host address will be specified here, if vice versa - the address of the subscriber | ''=''\\ ''like'' | | |
| | Login | Numeric designation of the subscriber in the billing system | ''=''\\ ''like'' | | |
| | Host | Host Name. \\ Examples: \\ zen.yandex.ru. \\ *.mail.ru \\ 149.154.167.151:80 | ''=''\\ ''like'' | | |
| | Path | The address to which the subscriber went | ''=''\\ ''like'' | | |
| | Referer | The resource from which the request came. \\ Used for redirection: the address from which the user went to the redirection page is memorized | ''=''\\ ''like'' | | |
| | User agent | Allows you to understand from which device the request was made | ''=''\\ ''like'' | | |
| | Vchannel/Bridge | Vchannel - vChannel number \\ Bridge - number of the bridge through which the traffic goes \\ \\ The field specifies the Vchannel **or** Bridge value sent by DPI. Depending on the mode of operation, it sends either Bridge or Vchannel to which this or that IP has fallen. | ''=''\\ ''like'' | | |
| | Locked | Possible values: \\ 0 - **un**locked traffic \\ 1 - locked traffic | ''=''\\ ''!='' | | |
| | Traffic direction | Possible values: \\ From subscriber \\ To subscriber | ''=''\\ ''!='' | | |
| |
| =====Operators===== | |
| ^ Operator ^ Description ^ Data input format ^ | |
| | ''='' | Returns records equal to the entered value | | | |
| | ''!='' | Returns records that do not equal the entered value | | | |
| | ''like'' | Returns records containing the defined character pattern | | | |
| | ''ilike'' | Works the same as ''like'' but is case-insensitive | | | |
| | ''not like'' | Returns records that **don't** contain the defined character pattern | | | |
| | ''not ilike'' | Works the same as ''not like'', but is case-insensitive | | | |
| | ''match'' | Returns records matching a regular expression, a sequence of special characters that form a pattern or template that maps to a string | See [[https://support.google.com/a/answer/1371417?hl=en|link]] for input format and examples | | |
| | ''not match'' | Returns records that **don't** match the regular expression | See [[https://support.google.com/a/answer/1371417?hl=en|link]] for input format and examples | | |
| | ''>'' | Returns records that are greater than the entered value | | | |
| | ''>='' | Returns records that are greater than or equal to the entered value | | | |
| | ''<'' | Returns records that are less than the entered value | | | |
| | ''<='' | Returns records that are less than or equal to the entered value | | | |
| | ''in'' | Allows multiple values to be entered and returns all that match the values in the list. Each value must be entered on a new line | Each value on a new line | | |
| | ''not in'' | Allows multiple values to be entered and returns all of them, **except** those that match values in the list. Each value must be entered on a new line | Each value on a new line | | |
| | ''between'' | Returns records where the expression is in the range of values value1 and value2 inclusive | Each value on a new line | | |
| | ''not between'' | Returns all records where the expression **not** is between value1 and value2 inclusive | Each value on a new line | | |
| | ''in CIDRs'' | Allows multiple CIDR values to be entered and returns all that match the values in the list. Each value must be entered on a new line | 192.0.2.32/27\\ Each value on a new line | | |
| | ''not in CIDRs'' | Allows multiple CIDR values to be entered and returns all, **except** those that match the values in the list. Each value must be entered on a new line | 192.0.2.32/27\\ Each value on a new line | | |
| |
| Checks whether a string matches a simple regular expression. | |
| The regular expression can contain the metasymbols: | |
| * % indicates any quantity of any symbols (including zero symbols). | |
| * _ indicates any one symbol. | |
| |
| For an example of using a regular expression, see [[en:dpi:qoe:qoe_filters:start#case_1_filtering_by_subscribers|Case 1. Filtering by subscribers]] → Subscriber Pool. | |
