I'm trying to run an SWQL query on Historical Netflow Flows in the form of:
SELECT
[data].[ObservationTimestamp],
[data].[Node].[NodeID] AS [NodeID],
.... etc
FROM
Orion.Netflow.Flows AS data
My question is, how can I specify an individual device interface as opposed to a node?
Nodes are: [data].[Node].[NodeID]
Interfaces are: what?
More generally, where can I find these tables or whatever they are? There is no "Netflow" table in the "Orion" database. Does this exist in the NTA database and is somehow just referenced by SWQL queries?
Bonus question: Is there documentation anywhere about how SWQL functions such as ToLocal() work?