Home
CMC
Learn how CMC provides centralized visibility and monitoring of Nozomi Networks sensors.
User Guide
Information and resources about the main features of the Central Management Console (CMC), and the tasks that you can do from the user interface (UI).
Queries
You can use the Nozomi Networks Query Language (N2QL) syntax to create complex data processes to obtain, filter, and analyze lists of information from the Nozomi Networks software.
Examples
Bucket and history
An example of a query to calculate the distribution of link events towards an internet protocol (IP) address.

CMC
Learn how CMC provides centralized visibility and monitoring of Nozomi Networks sensors.
- Introduction
  An overview of the Central Management Console (CMC).
- Installation Guide
  Information and resources on how to install the Central Management Console (CMC), and the different options and settings available.
- Administrator Guide
  Information and resources about the Administration section of the Central Management Console (CMC), and the tasks that you can do in this part of the software.
- User Guide
  Information and resources about the main features of the Central Management Console (CMC), and the tasks that you can do from the user interface (UI).
  - Sensors
    The Sensors page lets you view all of the sensors that you have in your system.
  - Alerts
    The Alerts page shows all the latest alerts in the system. It lets you view the alerts in different modes, and carry out actions on the alerts.
  - Assets
    The Assets page shows all the physical components and systems in the local network environment and their associated details. It also lets you perform actions on those assets. Depending on the nodes and components involved, assets can range from a simple personal computer to an operational technology (OT) device.
  - Queries
    You can use the Nozomi Networks Query Language (N2QL) syntax to create complex data processes to obtain, filter, and analyze lists of information from the Nozomi Networks software.
    - Data sources
    - Basic operators
    - Commands
    - Functions
    - Examples
      - Pie chart
        An example on how to create a pie chart to understand the media access control (MAC) vendor distribution in a network.
      - Column chart
        An example on how to create a column chart with the top nodes by traffic.
      - Where with multiple conditions in OR
        An example of a query to get all the nodes with a specific role, in particular all the nodes which are web or domain name server (DNS) servers.
      - Bucket and history
        An example of a query to calculate the distribution of link events towards an internet protocol (IP) address.
      - Join
        An example query to join two data sources to obtain a new data source with more information. In particular, how to list the links with the labels for the source and destination nodes.
      - Compute the availability history
        An example query to compute the availability history for a link.
      - Complex field types
  - Smart Polling in CMC
    The Smart Polling page gives you a read-only view of Smart Polling.
  - Arc in CMC
    Arc™ is a host-based sensor that detects and defends against malicious or compromised endpoints, and insider attacks. You can use Arc sensors to aggregate data for analysis and reports, either on-premises, or in the Vantage cloud.
  - Reports
    The Reports page lets you manage, generate, schedule and view reports.
  - Assertions
    The Assertions page shows all the assertions and lets you configure them.
  - Vulnerabilities
    The Nozomi Networks software continuously discovers vulnerabilities in monitored assets.
  - Administration
  - Personal settings
    The personal settings page lets you do actions that are specific to your profile.
  - Troubleshooting
- Maintenance Guide
  Information about the maintenance tasks of Central Management Console (CMC), to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for the Central Management Console (CMC).

Bucket and history

An example of a query to calculate the distribution of link events towards an internet protocol (IP) address.

You can filter all the link_events with id_dst equal to 192.168.1.11 After this you can sort by time, this is a very important step because bucket and history depend on how the data are sorted.

Then you can use bucket to group the data by time. The final step is to use the history command to draw a chart, we pass count as a value for the Y axis and time for the X axis.

The history command is particularly suited for displaying a big amount of data, in the image below we can see that there are many hours of data to analyze.

link_events | where id_dst == 192.168.1.11 | sort time asc | bucket time 36000 | history count time