EV Observe - Use NetworkAnalysis-NetFlow-TOPList / NetworkAnalysis-sFlow-TOPList ServiceTemplates
The NetworkAnalysis-NetFlow-TOPList and NetworkAnalysis-sFlow-TOPList service templates identify the top list of IP addresses (talkers), connections and protocols with the highest network bandwidth consumption in a NetFlow or sFlow environment.
- They are used to monitor and analyze bandwidth consumption over a given period and provide a detailed view of network traffic.
- You can display the data in a Dataviz using the Network analysis widget.
- You can define alerts to be triggered if the thresholds specified for network bandwidth consumption are exceeded.
NetworkTrafficMonitoringChallenges
Challenges in network traffic monitoring
- Identify the users, applications and protocols with the highest bandwidth consumption in order to optimize the performance of the infrastructure and Internet access costs, and improve the quality of service.
- Anticipate the risk of incidents and adopt measures to prevent technical network failure.
- Define bandwidth consumption strategies, implement the required corrective measures and anticipate bandwidth upgrades.
- Identify the causes of bandwidth bottlenecks rapidly to ensure a return to normal operations as quickly as possible.
See Network traffic monitoring: Operating principleNotes
- You can associate the templates with a host where NetFlow or sFlow is configured, or with a virtual host that centralizes network analysis services.
- NetFlow or sFlow must be enabled for the monitored device.
Best Practice
- Build a Dataviz using the Network analysis widget to display the trends loaded by the templates.
- Deploy one or more NetworkAnalysis-NetFlow-TOPList or NetworkAnalysis-sFlow-TOPList services by top list.
Procedure: How to use the service templates
Prerequisites: Configure the network environment
See:
Step 1: Deploy the service templates
1. Go to the Web app.
2. Create a new service template.
- Select Configuration > Services > List in the menu.
- Click + Add in the Mode: Box tab.
3. Specify the information below.
General information tab
- Service template: Select the NetworkAnalysis-NetFlow-TOPList or NetworkAnalysis-sFlow-TOPList template depending on whether your environment is NetFlow or sFlow.
- Name: Enter the name of the new service to be created. Its name should correspond to the event to be captured.
Availability and checks tab
- Collector Storage: IP address of the NetFlow or sFlow collector.
- Top list type: Type of top list to display in the Dataviz.
- 1: Top talkers, for the IP addresses with the highest bandwidth consumption.
- 2: Top connections, for the data flows with the highest bandwidth consumption.
- 3: Top protocols, for the applications with the highest bandwidth consumption.
- Top Count: Number of records to be displayed in the top list.
example 10 ==> Display the top ten
- Analysis period in the selected time unit: Number indicating the analysis period of the top list, expressed in the selected time unit.
- Selected time unit: Unit expressed in minutes (m), hours (h) or days (d).
example Period = 10; Time unit = days ==> The top list will show trends over a period of ten days
- Directory name: Path to the folder containing the NetFlow or sFlow exports.
- Warning threshold in percent: Warning threshold for bandwidth consumption, expressed as a percentage.
- Critical threshold in percent: Critical threshold for bandwidth consumption, expressed as a percentage.
4. Click Apply to save the new service template.
Step 2: Create a Dataviz using the Network analysis widget
See the procedure
Use case
- Top IP addresses with the highest bandwidth consumption, displayed using the Network analysis widget
- Top applications with the highest bandwidth consumption, displayed using the Network analysis widget
