12 Replies Latest reply on Apr 13, 2010 10:32 AM by Jan.Krivanek

    NTA Search by application

    extrands

      Noticed today that when using the search by application/port search applet on the NetFlow Summary, it shows no data on any interface.  When drilling down into the Netflow sources without searching, it works fine.  I tried search by endpoint as well, no data displays.  Does anyone else use these two applets successfully since NTA 3.6 was released?  I know they both worked correcty prior to the upgrade.

        • Re: NTA Search by application

          HI extrands--

          While you're waiting on the community, I've marked this for the PM to review and chime in on.  If you don't hear anything back, open a support ticket.

          Thx,

          M

          • Re: NTA Search by application
            chris.lapoint

            Please open a support ticket on this issue.   I'm not sure why that would be the case.

            • Re: NTA Search by application
              ecklerwr1

              Looks like something might be up see both of the following... I would think they should show the same thing:

              And here's the result after searching port 161:

                • Re: NTA Search by application
                  GZhytar

                  ecklerwr1,

                  that sounds like a bug. Thanks for such a good info you've provided. I've opened internal ticket for investigation and fix.

                  For internal guys: NetFlow #3563

                  thanks

                    • Re: NTA Search by application
                      ET

                      Hi ecklerwr1,

                      can you please post here exact URL for search result? It should be something like .... ApplicationDetail.aspx?NA:161.... I just want to be sure, that all needed parameters are there.

                      I would say that data appear when you switch from [Both] to [Ingress] and back to [Both]

                       

                      Thanks.

                        • Re: NTA Search by application
                          ecklerwr1

                          @ET Yes here's the exact URL you get when searching on port 161:

                          http://az25istnnm1:8787/Orion/TrafficAnalysis/SearchResults/SearchApplicationResults.aspx?SearchStr=161&Field=Port

                          Also when do above search I get nothing for port 161 when switching between both / ingress / egress and back to both.

                          Here's another kicker:

                          When drilling down from default into the interface details:

                          NetFlow Interface Details - az25rtr03-istn - NMS LAN Switch (H1216)

                          Last 15 Minutes  
                          Both  

                          I get:

                           

                          Then when switching to ingress:

                          NetFlow Interface Details - az25rtr03-istn - NMS LAN Switch (H1216)

                          Last 15 Minutes  

                           

                          Ingress  

                           

                           

                           

                           

                          Now when I switch to Egress:

                           

                          NetFlow Interface Details - az25rtr03-istn - NMS LAN Switch (H1216)

                          Last 15 Minutes  

                          Egress  

                          Strange that showing both I see the 161 traffic on drilldown but non for ingress or egress??? 

                          Definately looks like a bug of somekind.

                            • Re: NTA Search by application
                              ecklerwr1

                              I would also assume that everyone on NTA3.6 would see the same behavior.  Maybe some other people can check???

                                • Re: NTA Search by application

                                  Hi ecklerwr1,

                                   

                                  According to the URL that you posted I guess you are trying to search application by port by "Search Application" feature on the SummaryView page - Is that true? There is really a bug in this feature in NTA 3.6 which will be addressed in future release (for internal gus, this was item #3534).

                                  Anyway, you should be able to drill to the same view trough interface detail view (your first screenshot) by clicking on application link.

                                  Also as a temporary workaround for this problem (working just for single port applications) you can search the application (by port or name) then select desired node or interface which will redirect you to the resulting application detail page (that will correctly display the information about application but any data as shown in another from your screenshot). The URL of this resulting page will look something like following:

                                  ...Orion/TrafficAnalysis/NetflowApplicationDetails.aspx?NetObject=NA:100060;I:7

                                  And you will need to correct the number between “NA:” and “;” (shown in bold) to the correct port number. For example for HTTP you would need to correct it to the form:

                                  ...Orion/TrafficAnalysis/NetflowApplicationDetails.aspx?NetObject=NA:80;I:7

                                  Please let know if this solve your issue, or if you need more information or assistance.

                                  Thanks for your participation and patience

                                  Regards

                                  JK

                                • Re: NTA Search by application

                                  Hi ecklerwr1,

                                  I also found that you have a problem with inconsistency between Ingress, Egress and Both Application Detail View. This is also really a bug in NTA 3.6 release, related to Application detail view and IP address groups detail view (for internal guys this was entered and solved as #3277, and related hotfix was tracked and verified under item #3408). This will be also addressed in future release, but if this causes you problems please feel free to open ticket/another post – as I mentioned there is already a hotfix solution for your version.

                                  Regards

                                  JK

                                    • Re: NTA Search by application
                                      ecklerwr1

                                      Hi Jan-

                                      You hit the nail on the head on both counts.  I've been able to pretty much get what I need for now and NTA3.6 has been an improvement.  We all appreciate your dedication to documenting and doing the bug fixes.  Also your attention and participation here on thwack is greatly appreciated.

                                      Thanks for the tip on getting the port number resource by:

                                      For example for HTTP you would need to correct it to the form:

                                      ...Orion/TrafficAnalysis/NetflowApplicationDetails.aspx?NetObject=NA:80;I:7

                                       

                                      Best Regards,

                                      Bill

                            • Re: NTA Search by application
                              ecklerwr1

                              What's the difference between:

                              NetFlow Interface Details - az25rtr03-istn - NMS LAN Switch (H1216)

                              Last 15 Minutes  

                              Both  

                              and

                              NetFlow Application - SNMP (161)

                              Last 15 Minutes  
                              Both  

                              Shouldn't these both show the snmp traffic on port 161??? Only the first one does.