Checking for 7-day flow data for a specific endpoint

I have been asked to perform a search for 7-day flow data from a specific endpoint. I can perform the search for up to 1-day flow data. However, when I try to look for 7-day data for the same endpoint, the Netflow page just spins and spins non-stop. Also, the Netflow page becomes unusable, even if I close and re-open the web browser. So, it appears that NTA is unable to do flow data searches for over a day or two.

Still, the request for 7-day flow data for this endpoint (as well as some others) is quite urgent. What can I do to provide the requested info? I would try to do this via SQL searches but my SQL expertise is very low, especially as it relates to table joins and the like. Any suggestions?

Find more posts tagged with

netflow reporting

Accepted answers

All comments

FormerMember

When I've changed the time frame like that, it has taken several hours up to a day to get the information. It seems to want to update the data for all the endpoints, even if you only need it for a small number of them. How long seems to depend upon the number of endpoints monitored and how much total data there is being transmitted. We have several hundred endpoints monitored and not a lot of devices putting out netflow information (we have mostly switches that do not support netflow). You might be able to get the information quicker if it were only for part of your network, for example all endpoints on one or two switches rather than on several dozen switches, and all on one layer 3 switch capable of Netflow.

Sorry I'm not more help than to say it will take time.

jeff.stewart

Edwin,

Where does the Flow Storage Database (FSDB) reside? What resources are allocated to it?