Assuming you have seen bi-directional flows try a filter in a query to set where the source is equals VMA this VMA is the only one required o check like destinatination ports for example 80 instead of source port 5678XX.
Hi Raymundo. I'm not sure I get where you're going. When you say VMA, what is that? If I look
it up in goog it shows "VMWare Assistant". But I don't think that's where you're going.
Again the scenario would be that I capture all logging for traffic with a specific tag
over the course of a month. It might find 20 flows from host A to host B:80.
I only want the first flow to display. I can do this by exporting to another program
and filtering there but that takes time. Thanks.