Documentation forNetFlow Traffic Analyzer
Analyzing network traffic and bandwidth is a key capability of Hybrid Cloud Observability Advanced and is also available in a standalone module, NetFlow Traffic Analyzer (NTA). Hybrid Cloud Observability Advanced and NTA are built on the self-hosted SolarWinds Platform.

Configure NTA-specific alerts

You can use the out-of-the-box alerts as templates for customized alerts. Configure an alert for NTA based on a predefined top talker or CBQoS alert.

For out-of-the box alerts, you have limited edit options. You can enable or disable the alerts, add trigger and reset actions, or adjust Time of Day settings. To make more substantial changes, such as changing the conditions, select the alert and click Duplicate & Edit.

Configure trigger actions for default top talker alerts

Default top talker alerts notify you when current percent utilization of an interface (receive or transmit side) rises above a specified threshold (75%). The alert writes an entry into the SolarWinds event log and sends a web page to specified recipients.

To make the top talker work, configure credentials used for accessing and sending the SolarWinds Platform Web Console page and specify the email address that will receive the notification.

Default top talker alerts use the default Admin account and no password for sending the SolarWinds Platform Web Console page. When you change the default account credentials, top talker alerts stop working. Provide valid credentials into the trigger action macro.

  1. Click Alerts & Activity > Alerts.
  2. Click Manage Alerts.
  3. Select a top talker alert.

    To find top talker alerts, type top talker into the search box to filter the alerts.

  4. Select a Top Talker alert, and click Edit.
  5. Go to Trigger Actions.
  6. Click Edit for the E-Mail a Web page action.
  7. Enter an Email address for receiving the web page. You can specify the sender and a reply address.
  8. Expand Message.
  9. In the Enter or Paste the Web macro, enter the macro:
    • For incoming traffic: ${N=NTA.Alerting;M=NTA.InInterfaceDetailsLink}
    • For outgoing traffic: ${N=NTA.Alerting;M=NTA.OutInterfaceDetailsLink}

  10. Complete the Edit Alert wizard.

When an interface utilization reaches the specified threshold, the specified recipient will receive an email with the SolarWinds Platform Web Console page. See Emailing a Web Page in the SolarWinds Platform online help for more details.

Change the threshold for Top Talker alerts

  1. Click Alerts & Activity > Alerts.
  2. Click Manage Alerts.
  3. Select a top talker alert.
  4. Click Duplicate & Edit to create a copy of the alert and keep the original intact.
  5. Adjust the alert properties if necessary. Under Enabled, turn the alert On and select how often the trigger condition should be checked.

  6. On Trigger Condition, define the conditions that trigger the alert.

    Default top talker alerts trigger when the transmitted or received utilization of the interface exceeds 75%.

  7. On Reset Condition, define the conditions for resetting the alert.

    Default top talker alerts are reset when the transmitted or received utilization of the interface drops below 50%. You can adjust this condition or add conditions.

  8. On Time of Day, schedule when to run the alert.

    To run the alert always, select Alert Is Always Enabled, No Schedule Needed.

  9. On Trigger Actions, create actions to execute when the alert triggers.

    If there are endpoint-centric widgets on the Interface Details page when it is captured for a top talker alert notification, the links to those widgets will be non-functional in the email. The information in the alert notification is not customizable.

  10. On Reset Actions, define specific tasks to be performed when an alert is no longer active, such as writing to the log that the issue has been acknowledged.
  11. Review the Summary, and click Submit.

Configure a CBQoS alert

Specify the policy and class path for default CBQoS alerts. If you only enable a default CBQoS alert without configuring the trigger condition, the alert will never trigger.

  1. Click Alerts & Activity > Alerts.
  2. Click Manage Alerts.
  3. Select a CBQoS alert, and click Duplicate & Edit.
  4. Adjust the alert properties if necessary. Under Enabled, turn the alert On and select how often the trigger condition should be evaluated.

  5. On Trigger Condition, define the conditions that trigger the alert.
    Go to the fourth field in the Policy and Class Path line, press the down key, and select a policy.

    Tips

    • If the class name is unique, select "includes" in the third box for Policy and Class Path, and type a unique part of the class name into the last box.
    • To be alerted on all policies (Drops, Pre-Policy, or Post-Policy, based on the selection in the CBQoS Stats Name line) that exceed the specified sum of bytes, delete the Policy and Class Path line from the trigger condition.
    • To be alerted on policies on a node, add a simple condition defining the node name. Select Node as the Orion Object in the first field, and Node Name as the Database column. See Define the conditions that must exist to trigger an alert in the SolarWinds Platform online help.
  6. To allow traffic to fluctuate and delay triggering the alert, select Condition must exist for... and adjust the number of seconds for which the condition exists.

  7. On Reset Condition, define the conditions for resetting the alert.

  8. On Time of Day, define the days and times when the software actively evaluates the database for trigger conditions.

    To run the alert always, select Alert Is Always Enabled, No Schedule Needed.

  9. On Trigger Actions, create actions to execute when the software triggers the alert.

    The default action for all alerts is to write to the SolarWinds event log.

  10. On Reset Actions, you can define actions to execute when the software resets the alert.
  11. Review the Summary, and click Submit.