Other than troubleshooting, how do you make use of your flow data?
- For QoS validation. In cases where companies outsource QoS deployment to the ISPs, NetFlow is great to validate whether the service provider is classifying your traffic per contract.
How often do you look at flow data summaries, and in what form (on-demand via HTML form, automated reporting, CLI top-talkers, etc.)?
- Twice a day. On-demand via HTML.
Summaries have the side effect of masking more granular data, i.e. smaller flows that might be interesting. In your view, is this a concern, and if so, how do you work around it?
- For me, not a concern, as I am leveraging performance data via NPM.
How old does flow data have to get before it's no longer useful? For the sake of SQL, I was only keeping 7 days' worth of flow data in NTA, assuming that it would be very unlikely I'd need to go back further than that. That was true most of the time, but there were times I wished I could dig back further.
- Depends. A week is usually fine, but if I had the capability to do forecasting/capacity planning, then up to 13 months of data (summarized, of course) would be nice.