On 7/30/2018 at 8:36 AM, Mosh said:
@mnagel Do you mean the flow data as it appears in the Traffic view?
@mosh Correct -- there is no access to this information via the API and no alerting capability, so if data is not populating for any reason, it is an unpleasant surprise when the data is needed. I run into this all the time, but have been able to create alert rules for key datapoints that let me know when stuff is broken (e.g., I found recently SNMP breaks when you have intermediate firewalls since the code re-uses a single session and sometimes passes data too infrequently to keep the "connection" active).
Very nice! I have an initial script now that pulls top flows for netflow-enabled devices, so now I must see what I will do with this. Minimally, detect lack of data and either opsnotes additions for exceptional usage or email alerts (or both). Definitely important to include the size parameter, though. Core of current in-progress script:
my $devices = $lmapi->get_all(path => "/device/devices", fields => "id,displayName,enableNetflow");
for my $device (@$devices) {
if ($device->{enableNetflow} == JSON::true) {
for my $flow ($lmapi->get_all(path => "/device/devices/$device->{id}/flows", size => 10, sort => '-usage', time => '2hour')) {
print Dumper($flow);
}
}
}