Documentation forNetFlow Traffic Analyzer
Analyzing network traffic and bandwidth is a key capability of SolarWinds Observability Self-Hosted (formerly Hybrid Cloud Observability) and is available in the Advanced edition. NetFlow Traffic Analyzer (NTA) is also available in a standalone module.

Resolve unknown NetFlow traffic

If your devices export flows to the NTA receiver, but are not managed in NPM, or are not configured for monitoring in NTA, NTA cannot process the exported information. NTA informs you that it is receiving unknown traffic by displaying a message in the yellow information banner at the top of your NTA views.

Unknown traffic can be viewed either as individual events within the Last XX Traffic Analysis Events widget or on the Last 200 Unknown Traffic Events view.

Unknown traffic can include traffic from unmanaged devices and unmonitored or unmanaged interfaces. The following sections introduce different unknown traffic types:

Traffic from unmanaged nodes or interfaces

Unmanaged objects are nodes or interfaces that are not managed in NPM. The devices export flows, but NTA cannot access the necessary data stored in the SolarWinds Platform database. You need to add these nodes and interfaces to NPM first. For more information, see Add flow-enabled devices and interfaces to the SolarWinds Platform database.

Traffic from unmonitored interfaces

Unmonitored interfaces are interfaces managed in NPM, but not monitored by NTA. Traffic data from them are collected, but you cannot see them in NTA until you enable monitoring for them. For more information about monitoring flow and CBQoS sources in NTA, see Flow sources and CBQoS polling.

Traffic from unmonitored interfaces appears in NTA mainly if flow sources are not being added to NTA automatically. For more details, see Enable the automatic addition of flow sources.

Traffic from unmanaged interfaces

Unmanaged interfaces cannot be monitored using SNMP. However, NTA can receive traffic from these interfaces. NPM does not poll data for these nodes via SNMP, the nodes are only registered there and flows can be processed by NTA. However, to monitor this data in NTA, you must add the interface for monitoring to NTA, and provide the interface speed. For more information, see Enable flow monitoring from unmanaged interfaces.

If you cannot see an unknown traffic event concerning a device which should be exporting NetFlow, log on to the device and check the configuration. Make sure the device sends data to the appropriate port, which is 2055 by default.

Resolve unknown traffic events

  1. Click My Dashboards > NetFlow > NTA Summary.
  2. Check the yellow banner area below the tool bar.
  3. If there are unknown traffic events, click Show Unknown Traffic Events in the banner.

    If you cannot see the banner, click NetFlow Settings, and then click Show Unknown Traffic Events under NetFlow Management.

  4. The Last 200 Unknown Traffic Events view lists the last 200 events related to NTA, including those in which flow traffic was received but was not associated with a NetFlow source.
  5. Resolve individual events.

Test whether the events were resolved

  1. On the Last 200 Unknown Traffic Events view, click Clear Notifications.
  2. Click Refresh Events. New events are added to the list, and unknown traffic events return to the list if they have not been resolved.
  3. You can also test resolving unknown traffic events by clicking My Dashboards > NetFlow > NTA Summary. You should no longer see a banner regarding unknown flow traffic. If you do, click the message and re-examine the Last 200 Unknown Traffic Events list again, repeating the steps in these procedures to resolve unknown traffic.