Flow processing errors

    Once you have the devices discovered, but there's a lack of data for monitoring, this could indicate error in processing flows. Some common reasons are:

    • The devices being misconfigured; this could result in the devices sending wrong flows.
    • Two different flow formats are configured from the device.

    V9 flow:

    When no flows are received from the device or a flow processing error message occurs, it can be because of,

    • Different flow formats
    • Mismatched template length: When data and template information you have configured for the device does not match in length.
    • Unchanged template ID: When there are different data fields displayed in the insights as opposed to the updated template ID. NetFlow Analyzer might show no change in such cases because the data field will be shown as per the old template ID.

      • You can follow the below steps.

      • Click on Inventory -> Device snapshot -> Click device template icon in the top right corner(image).
      • If template information is available, then download the PDF file, get the logs folder, and send it to our support team. In other cases, where device template information is not available, ensure that the device template information is exported every minute.

    sFlow

    If NetFlow Analyzer slows down due to the device sending more than 5000 sFlow packets per second, increase the sampling rate for the respective devices. If it is a Fortigate device and double count occurs, configure the device to send flow packets for either ingress or egress alone and not both. Execute the below command in global config mode to set sample direction, "set sample-direction [tx | rx]"

    For more queries, please revisit the configuration or contact our support team via chat support box.