• State Verified Answer
  • Replies 3 replies
  • Subscribers 23 subscribers
  • Views 636 views
  • Users 0 members are here
Options
Related

Report - Top 10 Netflow Sources

stevenstadel

I'm looking for a report showing me the top 10 NetFlow sources by the number of flows. I can see total flows per engine over time but need more detail to troubleshoot who is sending the most flows and ensure their config is setup correctly.

The Netflow settings table will show you the number of flows/sec received. We need to identify what is sending the most flows/sec.

This query will show what polling engine is receiving the number of flows/second.

SELECT 
  e.ServerName AS [Polling Engine Name]
, a5m.StatisticsValue AS [Avg 5 Minute Flows/sec]
, a24h.StatisticsValue AS [Avg 24 Hour Flows/sec]
, a3d.StatisticsValue AS [Avg 3 Day Flows/sec]
FROM Orion.Engines e 
left JOIN (SELECT EngineID, StatisticsName, StatisticsValue 
      FROM Orion.Netflow.NetFlowEnginesStatistics 
      WHERE StatisticsName = 'FlowsPerSecondForLast24Hours') a24h 
      ON a24h.EngineID = e.EngineID
left JOIN (SELECT EngineID, StatisticsName, StatisticsValue 
      FROM Orion.Netflow.NetFlowEnginesStatistics 
      WHERE StatisticsName = 'FlowsPerSecondForLast3Days') a3d 
      ON a3d.EngineID = e.EngineID
left JOIN (SELECT EngineID, StatisticsName, StatisticsValue 
      FROM Orion.Netflow.NetFlowEnginesStatistics 
      WHERE StatisticsName = 'FlowsPerSecondForLast5Minutes') a5m 
      ON a5m.EngineID = e.EngineID
WHERE e.ServerType != 'RemoteCollector'
ORDER BY a5m.StatisticsValue DESC

My question is how can I identity the device that is sending the most total flows/second to each poller, a report of top 10 Netfow Sources would help.

Parents
  • +1

    Support confirmed this is not available on the product today. -  Based on your inquiry is that you are looking to get a report for troubleshooting purposes that can show the Top 10 Netflow Sources and identify who is sending the most flows with NTA. Although you can probably pull up the number of flows received per polling engine while scripting and executing directly from the Netflow settings table, however targeting or identifying directly the flow per second on the device and associating to a report is not a possibility or the feature is not available yet with NTA.

Reply
  • +1

    Support confirmed this is not available on the product today. -  Based on your inquiry is that you are looking to get a report for troubleshooting purposes that can show the Top 10 Netflow Sources and identify who is sending the most flows with NTA. Although you can probably pull up the number of flows received per polling engine while scripting and executing directly from the Netflow settings table, however targeting or identifying directly the flow per second on the device and associating to a report is not a possibility or the feature is not available yet with NTA.

Children
No Data

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 190,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Accounts
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.