Using ra commands to filter on the relationship between sent and received bytes

[The Branches]

Hi,

Is there any way to compare one flow record attribute to another flow 
record attribute with the ra tools?  When doing network forensics, 
sometimes I want to find sessions in which the sender transmitted more 
bytes than the receiver did, crudely looking for signs of data 
ex-filtration from known-compromised inside hosts.   I have tried syntax 
like this to no avail.

ra -r argus.file - "host infected-internal-host and src bytes gt dst bytes"

It appears that the value to the right of the comparison operator has to 
be a fixed value rather than another attribute name, but just in case 
there is some other way to do this, I thought I'd ask.

Kevin Branch