Submit a ticketCall us

Overcome IP Address Management Challenges in VMware Environments
You rely on your virtual machines, but can you quickly manage their IP addresses? Download the FREE ebook for guidance on how to save time and avoid network disruptions through automated IP address management for vRealize Orchestrator/vRealize Automation. Learn More.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA 4.2.3 Administrator Guide > NTA reports > Best practices for SolarWinds NTA reports

Best practices for SolarWinds NTA reports

Table of contents
No headers
Created by Lori Krell_ret, last modified by Alexandra.Nerpasova on Oct 24, 2016

Views: 590 Votes: 0 Revisions: 5

To solve performance issues caused by custom reports, consider the following recommendations. If appropriate, a SWQL code example is attached.

The recommendations are valid for SolarWinds NTA 4.1 and newer with SolarWinds NPM 11.5 and newer.

  • To optimize the speed of executing reports and to optimize the performance, add the ID columns for all appropriate objects to the report. If you do not want to see these columns in the report, hide them.


  • Do not query all data from NTA Flow Storage Database, use the Top XX Results to cover the most significant traffic. Every filter that limits data speeds up the report.

    SWQL Example: Data limitation

    The following query limits the report to show top 10 nodes only:

    SELECT TOP 10 [T1].[NodeID], SUM([T1].[TotalBytes]) AS TotalBytes

    FROM Orion.NetFlow.Flows AS T1

    ORDER BY TotalBytes DESC

  • Limit the data by time. If a query in SWQL does not use a time limit, all available data are queried. To query only the last hour, use the value 0.04167, which is calculated as 1 day/24 hours.

    SWQL Example: Time condition in SWQL

    The following query limits the report to show top 100 nodes during the last day:

    SELECT TOP 100 [T1].[NodeID], [T1].[InterfaceIDTx], [T1].[InterfaceIDRx], SUM([T1].[TotalBytes]) AS TotalBytes FROM Orion.NetFlow.Flows AS T1

    WHERE ([T1].[TimeStamp] >= (GetUTCDate() - 0.04167))

    GROUP BY [T1].[NodeID], [T1].[InterfaceIDTx], [T1].[InterfaceIDRx]

    ORDER BY TotalBytes DESC

  • Test out a new report using a short time period. If a report with a short time period works out, and a longer time period causes the report to crash, there might be an issue with provided time periods.

    SWQL Example: Time condition in SWQL

    SELECT [T1].[ToSID], IngressBytes

    FROM Orion.NetFlow.Flows AS T1

    WHERE ([T1].[TimeStamp] >= (GetUTCDate() - 0.005))

  • Use aggregation functions.

    SWQL Example: Aggregation

    When you use aggregation in a SWQL query, all 'other' columns must be grouped. Reports created via the user interface group these columns automatically.

    SELECT SourceIP, DestinationIP, Port, Protocol, MAX(IngressBytes) AS IngressMaximum, MIN(IngressBytes) AS IngressMinimum

    FROM Orion.NetFlow.Flows

    GROUP BY SourceIP, DestinationIP, Port,Protocol

  • Comments in SWQL

    If you are adding comments in SWQL, start the comment on a separate line and add an extra line after the comment.

    Generally, you can place comments anywhere. Comments are started by a double dash sign (--); a comment is everything on one line which comes after the -- sign, up to the end of the line.

Last modified