You can edit the Summary page in Orion Admin -> Manage Views -> NetFlow Analysis Summary -> Edit
Hit the + Button and select report from Orion Report Writer into both the left and right columns.
Go to the NTA Summary page and look at the Report wrter resource
Specify the Top 20 Traffic dest by domain
Go to the other one and specify Top 20 source by domain
That seemed to do the trick! Would be nice if I could get those fancy schmancy icons, but beggers cant be choosers.
I supposed if I only wanted the top X domains, I can copy the top 20 report and change it to only show the top x results, then use that report on the summary page.
This answer doesn't really address this issue. The problem is when your top 20 (or however many dest or sources) are all from the same domain, then all you end up with is one domain listed. The real value would be able to see the top XX domains that your user community as a whole are accessing. This info would prove very valuable when trying to make an argument to mgmt for blocking pandora.com for instance.
The solution above will almost invariably return sources and/or dests that are in the internal domain.
Sure seems like Orion would have provided the option at the summary level.
I believe the answer is suitable. You can create a report to only show the flow you are interested in, and post that to the summary page.
For instance, I can have several reports displayed on my NTA summary page. Maybe one report for top domains from Netflow source A and one from Netflow source B, etc.
Granted, making the top XX domain resource available to put on the summary page ends all debate, but we gotta make use with what we have.
The only loss I seen using this method, is you dont get those fancy domain icons that you get when seeing the top domains resource in the Netflow node details page.
With 43 locations on our network this really isn't a manageable solution at all. Plus locations are of all varying number of users, so it isn't so much even which domains are being accessed on a per location basis. I might have NodeA show the top domain of youtube.com, but if there are only 5 people there, that might actually represent a much smaller level of access than domain #10 from NodeB which has 250 people.
Trying to manually sort it all out from the output available per node would be next to impossible.