Testing and tuning

To ensure that Flow Analytics is properly configured, testing the various definitions, settings, and enabled features is strongly recommended. This can be accomplished by checking what Alarms and Events are being reported in the Alarm Monitor views.

When setting up Flow Analytics for the first time, the following process is recommended:

  1. Navigate to Admin > Definitions > IP Groups and populate the DNS Servers, Public WiFi, Network Scanners, and SNMP Pollers groups to define basic exclusions for FA algorithms.

  2. Review the list of FA algorithms under Admin > Alarm Monitor > Flow Analytics Configuration and disable any algorithms that are irrelevant.

  3. Define additional exclusions for individual algorithms in their configuration trays as needed.

  4. Navigate to Admin > Alarm Monitor > Security Groups and add several Exporters each to the Core Exporters and Edge Exporters Security Groups.

Once the first batch of Exporters has been added, review the Alarm Monitor views to verify that Alarms and Events are being reported correctly. Afterwards, repeat Step 4 of the process and continue checking Alarms and Events until all Exporters have been added to Security Groups.

Note

If there are continuous or unnecessary Alarms or Events being reported, it may also be necessary to define additional exclusions for certain algorithms.

Further tuning

After the initial setup and testing have been completed, the Flow Analytics configuration can be further modified to adapt to changes in the Plixer Scrutinizer environment or to fine-tune performance.

Hint

For more efficient reporting and/or analysis, create one or more Notification Profiles and associate them with the appropriate Alarm Policies.

The additional options related to Flow Analytics should also be reviewed and edited as necessary.