Hi
Firstly, apologies for asking what may seem a very out of date and newb question. Secondly, thanks for any help in advance.
I recently found that we have an installation of CA NFA 9.2.0 which is collecting data. Too much data. After much faff, I managed to block the unwanted devices from sending netflow data to our collector and removed the irrelevant devices.
We have a three tiers - Harvester, Reporter (if that is the correct terminology) and a performance center instance.
The issue we have is that we have Splunk running in the estate and the port priority is incorrect because it uses port 9997. we have added the port to the port priorities tab and added it as an application definition, as well as naming the port from TCP-9997 to Splunk. the issue is that we still get multiple source ports shown as the "service" when viewing both interface level data and reports. The manual for 9.2.0 doesn't even mention the port priorities function!
Can anyone help - is there some sort of workaround or procedure that needs to be undertaken to make it work after adding it?
I noticed in version 9.3.2 (3, 4,5, ,6) there seem to be known issues with port priorities but as this is an older version I wondered if anyone had an personal experience or a workaround?
andy