To add value to the existing NetFlow reporting I am trying to configure a custom report where it would possible to drill down from aggregated server names to a separate report that would then display the individual server IPs. Basically I am trying to replicate the behavior of going through Software Services, drilling down to any automatically discovered Software Service and then drilling down from any "Server from..." row using the "Servers (not aggregated)" link, with the only difference being I would also include the client IP as passed dimension. But there is either a dimension I am missing or something else wrong with my configuration, since the final report to show the individual server IPs ends up always empty.
I am aware of some of the limitation in doing this, such as only being able to show 2 hours maximum of data at a time (using the External server storage as Storage source dimension filter) but still need help. Please see the screenshots for the dimensions I am using and the drill down configuration used to go from the aggregated view to the individual view.
The system is on version 12.4.11.
Solved! Go to Solution.
Please take a close look at the Servers report. What you need is:
<fany_isOnDemandEnabled()> == 'true' && <Server name> ==~ 'Server from .*'
I checked what happens when I add "Link alias" and it still worked for me.
Can you share your report definitions with me (via email)?
Works like a charm! I believe it was the usage of "Server aggregated name" that I was struggling with. Also that conditional visibility is great to not get the drill down mixed with the servers that are showing the specific server IPs.
My only concern now is that the resulting report with the server IPs from the external server storage takes usually few minutes to load. Is this more tied to the way the data is handled or could this be somehow improved by changing the report definition or something else?
For some reason on some drill downs the results and up being empty as reported by the end-user. I am trying to establish a connection of the empty reports but can't pinpoint a common factor on the empty results. I will continue to investigate myself for now.