A brief how-to video outlining how to create reports displaying flow data collected by SevOne.
This video just going to show you how to add a FlowFalcon report attachment to your report. A few ways to do this. We're going to go over two of the most common. One way you could bring a flow report into your report is by chaining and chaining is just the process of taking some metric that's graph and a report and tying it to another report so that when you change the time span of the parents, the child is updated as well. Now sometimes you can do this manually but out of the box a handy workflow is our quick chain to flow.
What that will do is will bring in the flow data for the exact same time span you have there and apply kind of the default Top Talkers template which can be edited at your leisure but what you can also do is highlight an area of interest, maybe about these two peeks here and the child will update automatically. Now another way to get a flow report attachment is by adding a report attachment, selecting the FlowFalcon icon, deciding which interfaces you would like to have this graph apply to.
Now filters are an important concept. For a filter to actually work, the field you are filtering on needs to be present in the flow template you select. For example in Top Talkers where we are just looking at application IP in the amount bandwidth consumed I could not filter on application port to just receive web traffic. One of the columns needs to the application port for me to filter on port 443 for example or port 80. That's just something to be conscious of when applying filters. They need to be in the flow template that we are providing. You can see we can filter on quite a number of fields here to give you some real flexibility in terms of the data that's returned.
Now I'm going to change my view to Top Talkers with Applications. You can also define or filter on network segments, creating a network segment is covered in another video. Your result limits and a few other items there. Aggregated data in order for the report to top it very quickly. There is kind of some summary statistics applied to the data that we're bringing back. If you want to get a really granulated view of all the flows that have traversed particular interfaces for a very narrow span of time, just untick this.
Now the split option is actually pretty handy. Knowing just the application IP is nice but it would be great to know exactly what interface this data is actually tied to and then some options in terms of how we display some of the data being reported back. Select the time span, keep the default of the past 4 hours and then some available columns you could add. We've got to stay with the default and hit finish. Scroll to the bottom of our report and you can see that we are only looking at web traffic. We are looking at into the top application IP's and because I turned on the split feature, I can see exactly which interfaces this top applications are coming from.
In addition to these videos, remember that the Data Appliance NMS User Manual is available through the NMS UI as shown below. Clicking on the question mark at the top right of any page will automatically bring you to the section of the manual that corresponds to the page you are currently on.