In addition, even though only one interface, the WAN interface, is configured to send Netflow, we receive messages from Orion that it is receiving Netflow information from unmonitored interfaces. This is true, but it's unclear why those interfaces are being sent.
I have a case open with Support.
There's a couple things to mention here. First, your cache timers, Netflow doesn't send data as it's happening. It typically sends conversations that have completed or have hit a configurable timeframe. For this reason, if someone is having congestion issues right now, you may not see the conversation causing it for 30 minutes (default) in NTA because the layer3 device (router or L3 switch, depending on your network design) hasn't exported it and sent it. Second thing, you can configure "top talkers" on most IOS devices:
If you aren't seeing Netflow data "right now" as you would expect, you can run the command "show ip flow top-talkers" on the layer3 device and get an immediate list. This will help the immediate need, and then when the export occurs, you'll have your charts and graphs for analysis.
Hope that helps, but I think your real issue is the cache timers.
cache timeout inactive 60
cache timeout active 60
We have the same issue on interfaces that are not highly utilized. So, I don't think it's about not being able to send the flows. I'll try the cache timers anyway and see if that helps. We have some routers for which it works and some for which it doesn't seem to work. Same models, same IOS.