we want youtube and facebook user
Look under 'domains' in NTA and you will find them.
You can also make your own filters in the Flow Navigator on the left side.
Can you show an example? I'm doing something similar for services like Pandora, Spotify, and Netflix but the resources only show top xx and not all end points going to these sites or receiving data from these sites. I have generated a report to do something similar to what I'm looking for but I'm finding anomalies of duplicate IP/Host name entries for either end of the conversation. Like we received the conversation data and it was just sent right back to the source host. Very weird.
Pull over the >> on the upper left of the netflow screen and you will see where you can filter by domain. Then for example add
We would also like to see the NTA summary to show when users are streaming fro these sites. It just shows the IP address, and using Flow Navigator for the amount of interfaces we have i not very helpful. This cannot be that hard to build into NTA and it has been requested over and over.
Top xx Conversations should show the URL. It shows the IP. The IP is too difficult to figure out every time I view the summary of a site that is topping out its bandwidth.
NTA data comes from a networking protocol commonly known as Netflow, which was made by Cisco, or the more generic IETF version of the protocol is called IPFIX. What kind of information is made available is determined by the hardware vendor you are dealing with. Since in almost all cases the hardware vendor this data comes from is a firewall or a router they rarely collect any information about URL's or usernames. Cisco stepped up their flow game when they released NBAR2, where they set up algorithms and parse out some of the content and signatures of the traffic to classify them and figure out url's where they are available, but most other hardware vendors don't have that kind of data to send. So if you have a router that supports NBAR2 and turn it on then the router will tell Solarwinds what website that traffic is associated with, and SW will display it. If you do not then NTA will just display "classic" flow data.
In order to attempt to resolve the gap for you NTA does DNS lookups for any IP address that shows up, but in order for that to be helpful you have to ensure that the IP's you are dealing with actually show up in your DNS, or at the worst case you could make a hosts file entry locally on your server and that would be what everyone sees in NTA instead of the IP.
SW in general is not in the business of creating new data inside the monitoring platform, they are gathering and displaying the data that already exists inside the protocols of the systems being monitored. That is the reason why no matter how often people ask for it, SW will always be limited to what is available inside the standard protocols we all use.
