
Too basic to be a good troubleshooting tool?

Because of cost, we recently moved from the Fluke (Crannog) Netflow Tracker product to the Solarwinds Netflow Traffic Analyzer. Perhaps it's just the "learning a new product" blues but so far, I feel like I've replaced my dashboard gauges with idiot lights.

When I choose a device in Netflow Tracker, I get a chart of all the reporting interfaces showing inbound and outbound utilization. Select an interface and I get a differentiated bar chart of all inbound and outbound traffic. I select a timeframe, right click and I get about a bazillion options to filter the selected data. I can view inbound, outbound or all traffic. I can view it by source, destination, conversation or any of dozens of other viewpoints. Once I've selected and viewed my filtered data, I can filter THAT again to further isolate whatever traffic I'm looking for, if necessary.

With Netflow Traffic Analyzer, I get to filter by endpoint or application. Fine. So I type in the address of my workstation and click on search. What do I get? I get the list of all interfaces and I get to open each interface one at a time (twiddle thumbs while waiting for the view to build) to see if there was traffic? Once I get all my routers in Netflow that would be an all day project. No thanks.

With Netflow Tracker, I get to see ALL the selected data. The top ten are specifically charted and the rest are lumped into a group called "Others". This way, if I selected inbound or outbound traffic, I get to see TOTAL bandwidth used and how much my top talkers are using individually.

With Netflow Traffic Analyzer, I get the Top XX conversations, or Top XX whatevers. I even have to figure out myself if it's inbound or outbound traffic so my Top displayed talker(s) may not even be involved if I'm having an inbound problem and the top talkers are outbound. I also don't know percentage of bandwidth utilized since both inbound and outbound traffic are reported in this Top XX approach.

I even thought I'd be sneaky so I put an interface bandwidth utilization chart at the top of my Netflow Interface Details View so I'd at least be able to have utilization data in the same view I was using but all I got was a little square with an X in it...not very helpful.

As a last resort I even checked the manual.....no help. I looked for tutorials, none exist.

So....I really have to wonder...am I missing something? Maybe someone has created a bunch of reports to alleviate all the issues I'm having? I'd sure appreciate some feedback.

 

Dan Goodale - Network Engineer
Triwest Healthcare

  • Dan,

    Thanks for the post.  We really appreciate the frank and honest feedback.  We're working on a number of enhancements that would be helpful in addressing some of the use-cases you described (see this post: ).  

    I'd like to set up a gotomeeting with you to run through the following:

    1) Use-cases you described above using NTA today.   There may be some things that we can do now that you may not be aware of.  If not, I'd like to make sure I'm capturing your use-cases correctly.

    2) Demo of the things we're working on and get your feedback.  We've got some really cool things coming to make our visualization of data more valuable.

    You should be receiving a private email from me shortly.

    I'd like to also extend the invite to all others who feel the same way as Dan (and would like a preview demo of what we're working on) to send me an email through Thwack.

    Cheers,

    -Chris

  • FormerMember in reply to chris.lapoint

    I would like some of that...  I am trying to migrate away from Fluke to NTA, but the network guys are telling me to go away due to functionality....

  • I would like to see this as well.  In fact I would go a little further.  The current screens and graphs are great for top talker type of functionality, but I would love to see a different screen for more of a forensic analysis where you can dive deeply into a conversation or node and see all data related to it vs top 5 type stuff.

  • Thanks for the feedback.  Please keep it coming.

    Again, if you're interested in a gotomeeting to run through this, please let me know in your post and I'll reach out to you individually.

    Cheers,

  • I think primarily what I would like to see in a forensic screen is not the top 10 type of info but detail what a node did throughout the network or make it easy to find a particular conversation.

    Think of it this way, if you had an infected node or nodes you would maybe want to use netflow to see what those nodes were doing or did.

  • You can search for an IP or hostname using the search for Endpoint resource on the NTA summary view, select an interface, and it will allow you to drill-down to an endpoint specific view.   The problem is that it doesn't cross all interfaces sending flow data.   It sounds like what you're looking for is an endpoint-specific "top talker" view inclusive of data from all NetFlow sources, correct?

  • That's pretty close yes.

    Although on top of top talker I would like to see specific flow data to see what a node was doing or talking to.  Now maybe that crosses the barrier where because of the data summarization that would not be possible without turning compressed today close to off.

    But I think what some of the other higher priced tools have on you guys at the moment is the forensic ability.
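
The endpoint-centric view the thread asks for, sketched as an added example that is not part of any post and is not NTA or Netflow Tracker code: one host's traffic across every exporter, split by direction, with the top N peers plus an "Others" bucket. The record layout, host names and addresses are constructed, and matching duplicate flows on identical start time and 5-tuple is an assumption.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): one row per flow per exporter.
# Fields: exporter, ifname, start, src, sport, dst, dport, proto, bytes
FLOWS = [
    ("rtr-a", "Gi0/1", 100, "10.1.1.50", 51000, "203.0.113.9", 443, 6, 9000),
    # Same conversation reported again by the next hop on the path:
    ("rtr-b", "Gi0/0", 100, "10.1.1.50", 51000, "203.0.113.9", 443, 6, 9000),
    ("rtr-a", "Gi0/1", 130, "10.1.1.50", 51001, "198.51.100.7", 53, 17, 300),
    ("rtr-a", "Gi0/1", 160, "10.1.1.50", 51002, "10.2.2.20", 445, 6, 4000),
    ("rtr-c", "Gi0/2", 170, "10.2.2.20", 445, "10.1.1.50", 51002, 6, 1500),
    ("rtr-a", "Gi0/1", 200, "10.9.9.9", 40000, "10.3.3.3", 80, 6, 7000),
]

def endpoint_report(flows, endpoint, top_n=2):
    """Summarise one endpoint's traffic across all exporters and interfaces."""
    seen = {}        # flow key -> bytes, so a flow seen at two routers counts once
    sources = set()  # every (exporter, interface) that reported the endpoint
    for exp, ifn, start, src, sport, dst, dport, proto, nbytes in flows:
        if endpoint not in (src, dst):
            continue
        sources.add((exp, ifn))
        key = (start, src, sport, dst, dport, proto)
        seen[key] = max(seen.get(key, 0), nbytes)

    report = {"sources": sorted(sources)}
    for direction in ("outbound", "inbound"):
        peers = defaultdict(int)
        for (_, src, _, dst, _, _), nbytes in seen.items():
            if direction == "outbound" and src == endpoint:
                peers[dst] += nbytes
            elif direction == "inbound" and dst == endpoint:
                peers[src] += nbytes
        ranked = sorted(peers.items(), key=lambda kv: (-kv[1], kv[0]))
        total = sum(peers.values())
        top = ranked[:top_n]
        # "Others" keeps the total visible even when only top_n peers are listed.
        others = total - sum(b for _, b in top)
        report[direction] = {"total": total, "top": top, "others": others}
    return report

if __name__ == "__main__":
    for section, value in endpoint_report(FLOWS, "10.1.1.50").items():
        print(section, value)
```

Without the de-duplication step, a conversation that crosses several exporting routers is counted once per router, which inflates the host's totals in exactly the cross-interface view discussed above.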