ProfessorThe newer filter capability is appreciated, but would be even better if more complex logic could be applied (AND/OR/NOT for multiple filters) to really focus on specific types of traffic while excluding others. For interfaces, glob matches would be very helpful. For src/dst address match, please allow for prefix matching as well as host matching.
Thanks,
Mark
ProfessorI see all the crickets have come to this F/R to hang out. This is a pretty important improvement for using NetFlow for incident research. For example, if you find an IP that is doing a lot of traffic while trying to identify a problem and that IP is harmless, I should be able to filter the harmless IP out of my search as I iterate. There is currently no non-API way to do this. If the filters could be complex with AND/OR/NOT and groups, then it would be much simpler to make use of the data for real world investigations.
Similarly, it seems like saved filters are per-user and it would be far more useful if they could be shared across multiple users.
We're experimenting with netflow now and we are also struggling with these very real limitations. It would be great if we could get a response as to whether or not enhancements to Netflow are going to be prioritized. Currently we're finding that we have no other choice but to rely on multiple tools to gather this data.
Product Manager
