Problem Accessing Historical Data

steven99 · by **steven99** » Mon Jul 04, 2011 10:55 am

Hi,

We are busy trailing Scrutinizer.

If I search for an IP address and leave the period for the last hour or so, it finds data. However, if I change to period to something else such as last 24 hours, last week etc, it doesn't find any data for the host.

Am I missing something obvious?

mpatters · by **mpatters** » Mon Jul 04, 2011 7:48 pm

Hello, There is a very good reason for this. If the volume of flows from the device is significant and the end system is a low volume traffic producer, the "roll up" process in Scrutinizer may end up dropping all of the data from the end system you are trying to find in the larger intervals.
http://www.plixer.com/blog/netflow-anal ... tated-why/

steven99 · by **steven99** » Tue Jul 05, 2011 4:20 am

Ok, thanks for that link, makes some sense now.

So, if I need to search for an IP that is dropped by the roll up, but I am not sure of the exact time frame (e.g sometime in the last 24 hours), is there any way I can search for it?

dalet0 · by **dalet0** » Tue Jul 05, 2011 9:08 am

Steven99,

No there isn't a way to do that. you might need to guess the time frame and keep adding a filter for that IP until you find the conversations you are looking for. Also note that since the IP has been dropped as a result of roll-ups, you might want to set granularity to 5m or 1m each time.

http://www.plixer.com/blog/scrutinizer/ ... reporting/

dalet0 · by **dalet0** » Mon Aug 08, 2011 6:29 am

Are you all set?

Problem Accessing Historical Data

Problem Accessing Historical Data

Re: Problem Accessing Historical Data

Re: Problem Accessing Historical Data

Re: Problem Accessing Historical Data

Re: Problem Accessing Historical Data

Who is online

Who is online