Filter
Top Products
2-10
Cisco NetFlow Collector User Guide
OL-11399-01
Chapter 2 Using the NetFlow Collector User Interface
Configuration
The top item in the tree is the name of the threshold. Directly beneath this is a top-level threshold
condition or expression. Add the top-level threshold condition or expression by selecting Add condition
or Add expression when the top item is selected. If the top-level threshold condition or expression
evaluates to true when the threshold is evaluated, a threshold-crossing log is created. See the “Creating
a Threshold” section on page 4-26 for more information about thresholds.
A threshold expression contains two or more expressions or conditions. Arbitrarily complex threshold
evaluation logic can be specified in this way.
When creating a threshold condition, specify:
• Whether the comparison is greater than, less than, equals, or not-equals
• Which key or value is compared
Directly beneath the threshold condition is one or more value or range items. These determine the set of
target values to which the comparison is applied. Add a value or range to the threshold condition by
selecting Value or Range. For an integer condition, only integer values and ranges can be entered; only
IP address values can be entered for address conditions.
Boolean logic is applied to two or more conditions using an expression. An expression can also appear
within an expression in place of a condition.
To create an expression, specify the logical operator and, or, not-and, or not-or and select Add
expression. An expression must contain at least two other conditions or expressions.
The conditions and expressions within an expression are evaluated in top-down order. Evaluation
performance for an expression can be optimized by placing conditions and expressions which are more
likely to occur closer to the top. Select an item then select Move to move the item up until it reaches the
top; selecting Move again cycles the item to the bottom.
Any item in the tree including the items beneath it can be removed by selecting Remove. Pressing the
back button on the browser also causes any changes to be discarded.
Note Remove items with care because no cut, paste, or undo capability is provided. Changes are not
committed until you select Update Threshold or Remove Threshold.
The symbol ! at the beginning of any item in the tree indicates that the configuration specified at that
level of the tree is incomplete and must be updated before the threshold can be added or updated.
Fields
Fields represent individual items of data exported by a device in a NetFlow flow, and are the building
blocks upon which the keys and values referenced by aggregation schemes are based.
Clicking on the Fields folder of the NFC UI navigation tree displays a table of currently defined fields
as shown in Figure 2-8. ClickEdit to modify a specific field, or Remove to remove a selected field. Click
Add Field to bring up an empty form for defining a new field.
Aliases, alternate names for fields, are also shown in the navigation tree and table and can be added when
a field is defined or modified