Details
Assignee
UnassignedUnassignedReporter
Ronny TrommerRonny TrommerLabels
Doc Backlog Grooming Date
Jun 21, 2021Doc Backlog Status
NBComponents
Priority
Major
Details
Details
Assignee
Unassigned
UnassignedReporter
Ronny Trommer
Ronny TrommerLabels
Doc Backlog Grooming Date
Jun 21, 2021
Doc Backlog Status
NB
Components
Priority
MajorPagerDuty
PagerDuty
PagerDuty
Created February 19, 2020 at 10:57 AM
Updated August 9, 2023 at 1:42 AM
When we configured a Ubiquiti EdgeMax, Edgerouter 6p you can configure Netflow v9 and the sampling can be turned off. In our flow documents the
netflow.sampling_intervalis not set and thenetflow.sampling_algorithmis set toUnassigned. In Grafana we will see an error message with an illegal argument exception:Could not find field name [netflow.sampling_interval] in multiValuesSource.There might be a way to fix this setting by configuring the device with a sampling interval like
set system flow-accounting netflow sampling-rate 50We should provide a way to handle this situation by a) set it to 1 so we assume every packet is sampled and/or b) present a more useful error message. Im not sure if the sampling interval is a required field and if unset there is a common default.
When using sampled NetFlow, the rate at which packets SAMPLING_INTERVAL 34 4 are sampled; for example, a value of 100 indicates that one of every hundred packets is sampled For sampled NetFlow platform-wide: SAMPLING_ALGORITHM 35 1 0x01 deterministic sampling 0x02 random sampling Use in connection with SAMPLING_INTERVALThis is a sample flow document:
{ "_index": "netflow-2020-02", "_type": "_doc", "_id": "g9TVXHABMkcB6H4qOfw3", "_version": 1, "_score": 0, "_source": { "@timestamp": 1582105441000, "@version": 1, "host": "172.21.0.1", "hosts": [ "192.168.1.40", "192.168.5.1" ], "location": "BeachHouse", "netflow.application": "domain", "netflow.bytes": 71, "netflow.convo_key": "[\"BeachHouse\",17,\"192.168.1.40\",\"192.168.5.1\",\"domain\"]", "netflow.direction": "egress", "netflow.dst_addr": "192.168.1.40", "netflow.dst_locality": "private", "netflow.dst_port": 55708, "netflow.first_switched": 1582105109603, "netflow.flow_locality": "private", "netflow.flow_records": 8, "netflow.flow_seq_num": 7984, "netflow.input_snmp": 0, "netflow.ip_protocol_version": 4, "netflow.last_switched": 1582105109603, "netflow.output_snmp": 4, "netflow.packets": 1, "netflow.protocol": 17, "netflow.sampling_algorithm": "Unassigned", "netflow.src_addr": "192.168.5.1", "netflow.src_locality": "private", "netflow.src_port": 53, "netflow.tcp_flags": 0, "netflow.delta_switched": 1582105109603, "netflow.tos": 0, "netflow.version": "Netflow v9", "netflow.vlan": "0", "node_dst": { "foreign_source": "BeachHouse", "foreign_id": "1582043099612", "node_id": 42, "categories": [ "Production", "Servers" ] }, "node_exporter": { "foreign_source": "BeachHouse", "foreign_id": "1582042313120", "node_id": 41, "categories": [ "Routers", "Production", "Infrastructure" ] }, "node_src": { "foreign_source": "BeachHouse", "foreign_id": "1582042313120", "node_id": 41, "categories": [ "Routers", "Production", "Infrastructure" ] } } }