My need: Sometimes I need to look at one or more endpoints to see quickly who is generating the most traffic.
My problem: When I use the Search Netflow Endpoint by IP address using a single address of a range, the list I get back shows each endpoint as an expandable item. If I click the "+" next to an endpoint, it shows the node under it with a "+" next to it. Then I click on the "+" and see the node's interface, which I click to get the display for that endpoint.
I have one node sending Netflow data for these nodes, and would rather have a link to the endpoint display instead of having to click three times to get there. At one time, I had four nodes on other DMZs sending Netflow data, but decided the one would give us 99% of what we needed, so turned off the collection and the sending of Netfow data from the others. Does something need to be removed from the database that makes it act the way it does?
What I'd rally like to be able to do is display a Top n list like the Conversations or Endpoints based on an IP address search. I could see at a glance who the heavy hitters are for a particular IP range. How can I do that?