Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA 4.2.3 Administrator Guide > NTA reports > Best practices for SolarWinds NTA reports

Best practices for SolarWinds NTA reports

Table of contents
No headers
Created by Lori Krell_ret, last modified by Alexandra.Nerpasova on Oct 24, 2016

Views: 39 Votes: 0 Revisions: 5

To solve performance issues caused by custom reports, consider the following recommendations. If appropriate, a SWQL code example is attached.

The recommendations are valid for SolarWinds NTA 4.1 and newer with SolarWinds NPM 11.5 and newer.

  • To optimize the speed of executing reports and to optimize the performance, add the ID columns for all appropriate objects to the report. If you do not want to see these columns in the report, hide them.


  • Do not query all data from NTA Flow Storage Database, use the Top XX Results to cover the most significant traffic. Every filter that limits data speeds up the report.

    SWQL Example: Data limitation

    The following query limits the report to show top 10 nodes only:

    SELECT TOP 10 [T1].[NodeID], SUM([T1].[TotalBytes]) AS TotalBytes

    FROM Orion.NetFlow.Flows AS T1

    ORDER BY TotalBytes DESC

  • Limit the data by time. If a query in SWQL does not use a time limit, all available data are queried. To query only the last hour, use the value 0.04167, which is calculated as 1 day/24 hours.

    SWQL Example: Time condition in SWQL

    The following query limits the report to show top 100 nodes during the last day:

    SELECT TOP 100 [T1].[NodeID], [T1].[InterfaceIDTx], [T1].[InterfaceIDRx], SUM([T1].[TotalBytes]) AS TotalBytes FROM Orion.NetFlow.Flows AS T1

    WHERE ([T1].[TimeStamp] >= (GetUTCDate() - 0.04167))

    GROUP BY [T1].[NodeID], [T1].[InterfaceIDTx], [T1].[InterfaceIDRx]

    ORDER BY TotalBytes DESC

  • Test out a new report using a short time period. If a report with a short time period works out, and a longer time period causes the report to crash, there might be an issue with provided time periods.

    SWQL Example: Time condition in SWQL

    SELECT [T1].[ToSID], IngressBytes

    FROM Orion.NetFlow.Flows AS T1

    WHERE ([T1].[TimeStamp] >= (GetUTCDate() - 0.005))

  • Use aggregation functions.

    SWQL Example: Aggregation

    When you use aggregation in a SWQL query, all 'other' columns must be grouped. Reports created via the user interface group these columns automatically.

    SELECT SourceIP, DestinationIP, Port, Protocol, MAX(IngressBytes) AS IngressMaximum, MIN(IngressBytes) AS IngressMinimum

    FROM Orion.NetFlow.Flows

    GROUP BY SourceIP, DestinationIP, Port,Protocol

  • Comments in SWQL

    If you are adding comments in SWQL, start the comment on a separate line and add an extra line after the comment.

    Generally, you can place comments anywhere. Comments are started by a double dash sign (--); a comment is everything on one line which comes after the -- sign, up to the end of the line.

Last modified
08:56, 24 Oct 2016