This morning, we experienced a company wide (7 site) slowdown. In trying to read / interpret the Solarwinds products, the thing that jumped out at us was that our gateway router was running pretty much 100% outbound. However, when we looked at our NTA graphs, nothing jumped out at us as being the definitive culprit.
While in "fire-fighter" mode, we decided to turn off our MS WSUS website. As soon as we did that, traffic immediately went back to normal.
So, the question is, what did we miss? Why wasn't it obvious via a top talker or top endpoint graph?
Related question: In the setup of the monitored ports and applications. If we do NOT choose a port to be monitored, is that traffic discarded or added to an "other" bucket? So, let's say we are NOT monitoring HTTP traffic and we go to a website that 100% utilizes the bandwidth on the router. Will NTA not show "anything" or will it show that the router is 100% utilized by unknown traffic?
