This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Netflow Data Retention

We have a requirement from my Network architects to keep uncompressed netflow data for 7 days. We need the ability to see spikes that happen up to a week back. When the data gets summarized to days, by then the  event spike is ironed out. If this is a setting, I can’t find it. If this is not an option I have a feature request to add it. I think the app should not be set to what will work for most. This locks out users that need be a little different.  
  • aliendan,

    I don't think it's possible (at least not in NTA 3.5) to store uncompressed data for 7 days.  The setting seems to be limited to a drop down box with 240 minutes being the maximum amount of time you can store uncompressed data.  I'm guessing the limit is due to the amount of storage that would be required to store that much uncompressed data.  Even on network monitoring a few netflow interfaces, you'd end up with a rather large database storing that much uncompressed data.  We're monitoring almost 500 Netflow interfaces.  If I tried to keep 7 days of uncompressed data I'm pretty sure our DBAs would put me on their most wanted list.

  • Hi ALiendan, i saw a post of you about changing the rentention of the uncompress netflow information for more than 240m ,i have the same problem. did you recived an asnwer about this? Did you solved it?

    Thanks in advance.

    Diego

  • Check http://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2011/06/10/data-aggregation-and-summarization-for-netflow-nta

    Basically, yes, but you have to change it from the database directly rather than the Web UI and they do not recommend it. There are also finer settings to be found there like "time for 15 min. compressed data" and "time for 1hr compressed data" which could still work while reducing the burden by a great deal.

    However, to track spikes, I would suggest making alerts to see when they happened and who were the top talkers at those times rather than retain uncompressed Netflow data (which is minute to minute).