The Netflow database is located in the C:\Program Files (x86)\PathSolutions\TotalView\Data\Netflow.db directory.

It is a SQLite database that can easily be viewed through any SQLite browser.

A sample open source browser is available here: https://sqlitebrowser.org/

Run the browser and then open the Netflow.db database.  You should see the structure and indexes.  You can then choose to browse the data.


There is only one table "Netflow" with the following fields:

Agent INTEGER <-- This is the IP address (in integer format) of the source of the generated Netflow record
IfIn INTEGER <-- This is the inbound interface of the flow
IpIn INTEGER <-- This is the inbound IP address
CountryIn INTEGER <-- This is the country number of the inbound IP address
IfOut INTEGER <-- This is the outbound interface of the flow
IpOut INTEGER <-- This is the outbound IP address
CountryOut INTEGER <-- This is the outbound country number
TimestampUTC INTEGER <-- This is the timestamp of when the flow occurred
Subsecond INTEGER <-- This is the sub-second timestamp of when the flow occurred
FlowData BLOB <-- This is the entire flow record stored as a BLOB for other interrogation if desired (it may include additional Netflow/IPFIX fields that users may want to interrogate.


There are multiple indexes that speed queries:

AgentCountryIn <-- Agent, CountryIn, TimestampUTC, Subsescond

AgentCountryOut <-- Agent, CountryOut, TimestampUTC, Subsecond

ByIpIn <-- IpIn, TimestampUTC, Subsecond

ByIpOut <-- IpOut, TimestampUTC, Subsecond

CountryIn <-- CountryIn, TimestampUTC, Subsecond

CountryOut <-- CountryOut, TimestampUTC, Subsecond