In my setup I'm seeing a lot of sflow data marked other (90% of records). Is there anyway to see why its not including these records. As far as I know all the packets are TCP and should be included, but it maybe one of the other crieria that is invalidating these records.
For instance I'm not exactly sure that this even means?
"PRTG processes only samples where the source ID matches the ifIndex of the input interface (avoiding double counted traffic) and ascending sequence numbers."
Can you help to identify why its not able to process most of the records
Article Comments
I created my own top list, and there were obviously more than 100 unique connections (the default Top Count), which is why it showed all these fields as other. I increased "Top Count" to 1000, and now I see all the individual records.
Now the question is why are there so many records?
Well most of them appear to be a strange packet or some sort of parsing error
Dec, 2016 - Permalink
PRTG shows you the packets it gets, which means, there have to be slfow packets incoming with quite pointless data (all 0.0.0.0 as destination and source addresses). Additionally to that, you will see the connections here, that the device really does have, which sends you the sflow data.
Dec, 2016 - Permalink
Hello,
Thank you very much for your KB-Post. To avoid a confusion to which 'other' category you are referring to (Toplists or "Normal" Sensor results), can you share a screenshot that clarifies this?
Thank you!
Dec, 2016 - Permalink