Martin.Krivanek

If you're looking for SWIS entity or query example, it can be something like this: SELECT CustomPollerID, UniqueName, Description, OID, MIB FROM Orion.NPM.CustomPollers WHERE UniqueName='uniqueName' If you're after how to query this though Perl, I'll leave this to someone familiar with that :-) Regards, Martin

NTA will keep flows if at least one interface is managed (there's an option in NTA settings - 'Allow monitoring of flows from unmanaged interfaces.'). So you can set one interface to 1 and the other to zero, then you should see flows on your loopback interface.

Hi Juan Figueroa, You are right, NetFlow uses only two bytes for index number, so higher indexes can't be used. But if you're using nProbe, you can specify interface indexes by command line parameters (-u, -Q). Does that help you? Best regards, Martin

Hi, that OID which gave empty file confirmed my theory outlined in my previous post. Huawei exports in flows different interface indexes than those in MIB interfaces table. To translate flow interface index to real SNMP interface index, there should be translation table (on that OID which returned no result). If the…

Hi wakhan, I've analyzed files uploaded by you. Flows exported by Huawei NE20E have different interface indexes than SNMP indexes. This is expected for Huawei's NetStream, but it seems that the device doesn't publish table which maps between those two interface identifiers. This table is vital to properly analyze incoming…

Thanks, I'll forward this information to PMs so we can consider this in future NTA release. Regards, Martin

Assuming you have NTA 4.0+ this SWISv3 SWQL query should provide same data as the previous query: SELECT f.Application.Name, Port, SUM(TotalBytes) AS TotalBytes, SUM(IngressBytes) AS TotalBytesIngress, SUM(EgressBytes) AS TotalBytesEgressFROM Orion.Netflow.Flows fWHERE (TimeStamp >= '2015-05-15T10:00:00') AND (TimeStamp <=…

Thanks, could you please explain bit more what would these reports contain? First one should show top interfaces by bytes dropped? What about the second, what do you mean by queue type, traffic policy? Regards, Martin

The event was shown because there was no valid template to accept flows from given node. Maybe the valid template arrived later and caused subsequent flows to be processed just fine. It's recommended to have flow templates export interval set to 1-minute. The event won't go away, if the issue is fixed, it simply won't…

It's been a while, but based on the error message I think you're on the right track. Try adding conversation (C:) filter as follows: (Filter='NSF:C:127000000001-192168001001;TD:2017-11-22T00:00:00~2017-11-23T00:00:00,1,True,True') The two large numbers are encoded IP addresses of conversation endpoints. Encoding is simple:…

Are you sure you have enabled CBQoS for all interfaces (which you wish to monitor) in NTA's Manage sources? Do you have QoS configuration assigned to these interfaces?

Hi Osmi, ingress/egress is flow filter, resources will calculate only with flows which enter/leave particular interface. Top Endpoints resource then operates on filtered flows, and will take both source and destination endpoint from each flow. In your example I assume that R1, R3 are endpoints and R2 is an interface. So…

Unfortunately, I don't think that's possible, because of "%port number". That would require more complex parsing which isn't possible in SWQL. Nonetheless Chad's answer is relevant, what you'd typically monitor is physical devices to where you can navigate through F5 device. If you're monitoring virtual IP addresses, the…

Andrew, could you please provide more information on what would you expect to see on CBQoS resources when they're places on node detail or summary view? Currently CBQoS resources are limited to interface details view, because one interface has one QoS policy. If it's placed on node details, would you like to see all…

If you are able to see traffic on that loopback address then I believe it's working correctly. Do you see all traffic there? If you use nProbe like this it will insert specified interface indexes into every flow (0 and 1 in your example), so each flow will appear to go to/from these interfaces. NTA does not match 0 to any…

Hi, those interfaces were probably added due to 'Enable automatic addition of NetFlow sources' option being enabled. Go to Manage NetFlow sources and uncheck NetFlow checkbox for interfaces you don't wish to monitor by NTA and hit submit. Regards, Martin

Hi, this message is shown when NTA receives flows which have both input and output interface index 0. Such flows are invalid, they can't be matched with any interface in Orion. You can check this in WireShark, expand some flow and look for InputInt and OutputInt fields. Most probably you'll see that all flows have zeros in…

Hi, there seems to be an issue with interface indexes not matching those in flows. If you have all interfaces on Nexus managed by Orion and still aren't getting any data, I would suggest you to open support ticket to investigate this more. Best regards, Martin

Hi Arun, These queries are not as user friendly as others, because some NTA schemas are intended for internal use only. They're designed to be called from our framework on the web. The syntax differs based of NTA version: Here is query for NTA 3.8: SELECT GroupID, GroupName, NodeID, InterfaceID, TotalBytes, TotalPackets,…

Hi, Unfortunately I don't have experience with that particular model. But in case you've missed it, here the list of required NetFlow v9 fields for NTA. You can check the fields presence via WireShark. Also, here' s guide for configuring other Catalyst switches. Maybe it can help configuring your model also. Regards, Martin

Hello andrewbrill, to answer you questions: ad 1. You're right we have some default direction settings for views which can't be easily changed. We'll consider this as feature of future version of NTA. ad 2. Yes, this is by design. But if you expand these nodes on sources you will see list of interfaces and their traffic…

Hello, NTA requires some fields to be present in flows. You can see this article for reference. Check this in WireShark or post a screenshot from WireShark showing NetFlow v9 template. If you confirm all required fields are present and still no flows are being processed I suggest to open support ticket. Regards, Martin

Tom is right, such queries require time constraint to work properly. The easiest fix would be: SELECT TOP 10 ApplicationID, BytesFROM Orion.Netflow.FlowsByIPWHERE (TimeStamp >= '2015-06-01 10:00:00') AND (TimeStamp <= '2015-06-01 16:00:00') If you're after top 10 applications by bytes, I would start with something like…

Hi, please see following thread . The information there applies to NTA 3.9, for older versions the only difference is in filter's TD parameter. In NTA 3.8 use T instead of TD, format is following: T:{startTimeUTC}~{endTimeUTC}; for example: T:2012-02-23T06:42:00~2012-02-23T07:40:00. Let me know if you need more…

Hi, J-Flow is supported and it uses same export format as NetFlow. Because NetFlow v9 is supported this applies to J-Flow v9 also. Regards, Martin

Hi, NTA offers Top Domains resource for such cases. By default it's on NetFlow Node Details view, but you can add it to NTA Summary to get summary data over all nodes. There's also possibility to filter any view by domain - using Flow Navigator you can add facebook.com Domain filter and you'll get the view filtered (e.g.…

Hello, the message about unmanaged device means that server running nProbe is not added to Orion, I guess you've added the node later, since you can see list of interfaces. You also need to enable “Allow monitoring of flows from unmanaged interfaces” in NTA settings, or set egress interface index to server interface…

The table below graph shows total bytes transferred (in your case for last 4 days), it's not a rate. In your Top Protocol resource this means that over TCP protocol there was 64.2 Gbytes transferred. In graph you see average rate (megabits per second) for given time. Also as David pointed out these chart is stacked - if…

Hi sbeauchamp, About the node which gives you no CBQoS data - does the node have some active QoS policies on interfaces which you monitor? And did you enable CBQoS collection for them in NTA's manage sources? If your answer is yes on both, I suggest to open support ticket, it would require deeper investigation. As for the…

Hi, I can explain meaning of these parameters. At first the meaning of entities itself. CBQoSTop gives you top QoS classes on one interface ordered by total bytes. CBQoSDetail gives you time values for selected class maps (this is used to draw chart). Typically you call Top entity to get top classes and then for these…