It's difficult to tell based on the symptoms you provided. We'll need diagnostics to troubleshoot this one further. Please open a ticket with support (include reference to this thread) and they'll walk you through how to capture diagnostics.
Hi Jordinho, was your issue solved by support? If it was an easy fix do you mind sharing it here? I am having the exact same symptoms as you and it would be great to have the solution publicly available.
if you can see some gaps in your charts or no data at all, it's first symptom that maybe your SQL server is overloaded, and we are not able to store new data to DB.
Update timestamp that we received new data is easy, but store flow buckets to DB, that's the hard work.
But to say it certainly, we need diagnostics from your nta box. It's strange that after you re-add it, it works. Can you confirm, that this re-added node works fine after that e.g. for 4 hours?
Issue still happens now and again.
I remember when I re-added it, it did display data for a couple of hours.
Our support has lapsed and will not be renewed, so unable to log this with support, hence my post in here ;)
Over a week ago I got more involved with the DBA and looking at the Netflow maintenance there was over 61 billion expired IP addresses!! After a couple of days of database maintenance it brought netperfmon down from 80gb to under 40gb!!
It seems to be running much better, but for some reason the service stopped over the weekend again. Just started it up again now and its running fine. Now with 1523411 expired addresses.
I have reduced the amount of notes in netflow as well, Previously we had around 120, its now down to 58.
There is only one other database on the SQL box (Microsoft SCCM).
Some other posts mentioned 3.1SP2 having some related fixes in it (I was running 3.1SP1.) To my delight after installing it all nodes starting showing their data. Hope this helps.
so you have problem that your expired IPs are not fully cleaned up? There was wrong default configuration in NTA setting, can't remember version right now. By default we removed only 1000 IPs per day (that's nothing).
You need to go to NTA setting page and change maintenance configuration.
Yep, I've done that as well.
My settings are: (I think I will need to change the max time to around 90mins)
Database maintenance is enabled
Database maintenance is executed at 1:30 AM. Delete expired flow data: once a day Maximum time spent to process IP addresses: 45 minutes. Compress database and log files once every ten days.