stibi · Staff Software Test Engineer

Hi, I know this is not chart, but if you want to know actual load on NTA poller this might be useful. NTA service is calculating (per poller) averages from received flows and stores them into SQL Orion Database. There are following averages: * FlowsPerSecondForLast5Minutes * FlowsPerSecondForLast24Hours *…

I am afraid that this is not possible. You cannot select NetFlow Endpoint in the trigger action. 

Hi @"ttripp1" , If we are talking about Layer 2, where flows are exporting MAC addresses, then I am afraid that NTA does not support such traffic. https://solarwindscore.my.site.com/SuccessCenter/s/article/Layer-2-NetFlow?language=en_US

Hi @"dinith99" , Can you try using what I posted in the topic https://thwack.solarwinds.com/products/netflow-traffic-analyzer-nta/f/forum/100889/how-do-i-make-a-custom-widget-that-monitors-net-flow-enabled-interfaces-on-targeted-devices/316684? This will allow you to catch and customize any query you want. If that does not…

You would need to adjust the following parts: Replace: (TimeStamp >= AddMinute(-61, DateTrunc('minute', GetUtcDate())) With: (TimeStamp >= AddMinute(-16, DateTrunc('minute', GetUtcDate())) Replace: HAVING ((SUM(Bytes)) / (1024 * 1024 * 1024)) > 1 With: HAVING ((SUM(Bytes)) / (1024 * 1024) > 1536 That way, the alert will…

Hi @"JJay04" , This should be doable, but the alert will always be limited by node. I assume that those subnets will be passing by single node, so it should not be an issue, but I might be wrong. Anyway, here are the steps: * Navigate to NTA Settings -> IP Groups Management. * Create an IP Group with the subnet that we…

Is there a way to determine which NetFlow IP Address Group is which direction today? I did not find a better way than just capturing the query in SWQL Studio and checking the direction in the captured query. Are there plans to hide fields that shouldn't be referenced by users? I created a new task for that, but it is not…

Hi @"aidanall" , Those IPGroupSegmentsIDs are internal mappings to IP Group ranges. You should not use them and instead I would recommend using IP Address Group name. You can select it in Advanced Selector mode. There is related entity NetFlow IP Address Group and under it is column you are looking for. The entity is…

Hi @"brianbooher" , I discussed this with my colleague, and we are unsure what you want to see. Could you please give us an example?

Hi @"Sriram_1" , This should be possible to do and you have two options how to do it. Option 1: Clone NTA Summary View (you can use Flow Navigator for that) and on that new view specify view limitation that would limit data just for interfaces you want. This has benefit that you can use many resources on that view and…

 Hi @"mhsa" , I am afraid that your use case is not possible to do at the moment. This would require to disable the limitations for NTA Endpoint Centric resources, but no such feature exists at the moment. The data displayed in Endpoint Centric resource are always reported by some node, so the limitation will filter these…

Hi @"psiess", In NTA pages on the left side of the page is expandable Flow Navigator. It is possible to exclude Endpoints, specific conversations or IP Address Groups in it. Just small note here is that changes to IP Address Groups are to applied to historical data, so if you will create IP Address Group and immediately…

Hi @"rjrothwell" , Your idea with monitoring just interfaces that goes to WAN could be a one way to do it and probably the simplest one. NTA has only few mechanism that allows to drop the traffic and I am not sure if they would be usable for you: * Dropping based on protocols. If you will navigate to NTA Settings ->…

Hi @"f.alhetheily" , I think that you are missing interfaces export in your record configuration. For input traffic add: match interface input For output traffic add: match interface output

Hi @"tturner" , Please check if you are getting the NetFlow data on the servers by using WireShark. The tool will help you identify the traffic that is going for example on specific port like 2055. Good thing is also that the capturing is happening before the firewall rules, so if you see no packets then the data are…

Hi @"rahulkudesia" , There are no steps. Right now the number you are seeing is not real FPS count. I would recommend to confirm this first in the WireShark. If you want to know how much FPS you are receiving I would recommend to look on performance counters: run perfmon through start menu -> add new counters -> under…

Hi @"rahulkudesia" , I believe that this will be same problem as described here: Request for guidance to reduce FPS in our SW environment

Hi, Issue was identified on Palo Alto side. Every NetFlow v9 packet carries information about number of PDU/flow records as described here https://www.rfc-editor.org/rfc/rfc3954.txt page 9, field Count. Problem here is that Palo Alto started to report incorrect PDU/flow record count: Regards, Petr

Hi @"karunakar.enugula" , I am afraid that there is nothing I can do here with such short description and also this does not seem like NTA issue. I think that this belongs to different product forum, but you don't need to move it as my suggestion would be to open support ticket on SolarWinds to take a look on the…

Hi @"hs08" , Not all devices are supporting it, but you could use NBAR2 data, that are part of NetFlow (https://documentation.solarwinds.com/en/success_center/nta/content/nta-applications-nbar2.htm). In the Cisco NBAR2 list of defined applications is directly specified "youtube"…

 @"ImNishat" that is actually really surprising to me, but it will actually help me investigate the problem. The logs show completely different values. 2024-07-08 12:21:34,624 [366] INFO SolarWinds.Netflow.Processing.Workflow.Statistics.FlushingStatisticsLogger - In last minute pre-flushing was queued 32 times with total…

Hi @"ImNishat" , That looks fine and your actual FPS are 15K flows per second on average. I am investigating why we are reporting such large number in the report. To validate the number of FPS you can look on the performance counters. Open Start -> type and open perfmon -> on the left navigation panel click on 'Performance…

Hi, The numbers in the table seems incorrect. Really large companies have something like 800K FPS and we are talking about ISP companies. I will take a look at how the FPS(24) are calculated, but for now I would simply ignore that. Is this causing any issue at the moment? Like how much CPU is NetFlow Service consuming?…

Hi @"hs08" , I am afraid that SolarWinds NetFlow Traffic Analyzer does not yet support NAT fields processing from flows. Some solution is suggested here: [mention:305f1d68c63c467c983ae5a751b5e91f:fb5d84b10a5745448a7a45dafc1faa43] , but I am not sure if it is applicable for you.

Hi, NTA does not have any specific requirements for the conversations to be displayed. Based on your description you should be able to see it. There is no requirement for application ports. If the port is not enabled or does not have any application it will fall under "Unmonitored traffic" unless you have uncheck on NTA…

Hi, For the SWQL I will recommend using SWQL Studio which is part of free Orion SDK package https://github.com/solarwinds/OrionSDK. In the SWQL Studio you can catch queries that are executed from the website, look for entity "System.ActiveQuery". So if you will catch query for the NetFlow Sources (widget or even report)…

Hi, I just want to point out that the utilization is not calculated from NetFlow data, but instead it is taken from SNMP polled value. The query you are looking for is: SELECT TOP (10) [T1].[NodeID] AS C1, [T1].[VendorIcon] AS C2, [T1].[Caption] AS C3, [T1].[GroupStatus] AS C4, [T2].[InterfaceID] AS C5,…

Hi, I would recommend using SWQL instead, but you can use also SQL. The data are stored in SQL Flow Storage database and for querying you can use predefined views (NetFlowFlows_View*). Only problem might be that in the Flow Storage are stored only nodeIDs, so you will need to get them from the Orion database (Nodes table).…

Hi, The flows per device statistics were implemented In version 2023.4. You can follow documentation on documentation.solarwinds.com/.../nta-flows-per-second.htm

Hi mrome74, At the moment such feature does not exist and I am not aware of any workaround either. I like the idea.