Profiler Queue Size limited warning

Jefkelle
Cisco Employee

In the following message, what is the significance of the number in "Profiler Queue Size Limit Reached : Server=vISE45; Profiler Error Message=16170 Forwarder endpoints dropped;"? Does it mean 16170 endpoint attributes were dropped?

1 Accepted Solution

Accepted Solutions

Timothy Abbott
Cisco Employee

It is the number of events dropped by Profiler since the queue limit was reached.  Basically, profiler is receiving more endpoint data than can be processed.  Make sure that you don't have excessive profiling data.  Best practices include limiting profiling to a single PSN and avoiding SPAN / Netflow.

Regards,

-Tim

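An added example, not code from this thread or from Cisco ISE: a small Python check that parses alarm lines in the shape quoted above, pulls out the dropped-event count per PSN, and flags servers whose drops exceed a threshold so you can see which node is receiving more profiling data than it can process. The log lines, server names, timestamps and the 1000-event threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample alarm lines in the shape of the message quoted in the
# question; timestamps, server names and counts are made up for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z ise Profiler Queue Size Limit Reached : Server=vISE45; Profiler Error Message=16170 Forwarder endpoints dropped;
2024-05-01T10:05:00Z ise Profiler Queue Size Limit Reached : Server=vISE45; Profiler Error Message=20310 Forwarder endpoints dropped;
2024-05-01T10:05:00Z ise Profiler Queue Size Limit Reached : Server=vISE46; Profiler Error Message=12 Forwarder endpoints dropped;
2024-05-01T10:10:00Z ise Some unrelated alarm text that must be ignored
"""

# The number after "Profiler Error Message=" is the count of events the
# profiler dropped once its queue limit was reached.
ALARM_RE = re.compile(
    r"Profiler Queue Size Limit Reached\s*:\s*Server=(?P<server>[^;]+);\s*"
    r"Profiler Error Message=(?P<dropped>\d+)\s+Forwarder endpoints dropped"
)


def parse_queue_alarms(text):
    """Return a list of (server, dropped_events) tuples, one per matching line."""
    events = []
    for line in text.splitlines():
        m = ALARM_RE.search(line)
        if m:
            events.append((m.group("server").strip(), int(m.group("dropped"))))
    return events


def summarize_drops(events):
    """Per server: how many alarms fired, the largest single drop count, and the sum."""
    summary = defaultdict(lambda: {"alarms": 0, "max_dropped": 0, "total_dropped": 0})
    for server, dropped in events:
        s = summary[server]
        s["alarms"] += 1
        s["max_dropped"] = max(s["max_dropped"], dropped)
        s["total_dropped"] += dropped
    return dict(summary)


def overloaded_servers(summary, max_dropped=1000):
    """PSNs whose largest drop count exceeds the (assumed) threshold: candidates
    for moving profiling off them or cutting NetFlow/SPAN input, as the thread advises."""
    return sorted(s for s, v in summary.items() if v["max_dropped"] > max_dropped)


if __name__ == "__main__":
    summary = summarize_drops(parse_queue_alarms(SAMPLE_LOG))
    for server, v in sorted(summary.items()):
        print(f"{server}: {v['alarms']} alarms, max {v['max_dropped']} dropped, total {v['total_dropped']}")
    print("overloaded:", overloaded_servers(summary))
```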

5 Replies


Any suggestions if disabling Netflow isn't an option? Redundant environment. Some PSNs behind LB, but not all.

First thing that comes to mind is that some platforms give you the ability to rate-limit the amount of Netflow data sent to the collector.  I would look to see if the platform you're using has that ability.

Regards,

-Tim

So the challenge with filtering Netflow for profiling purposes is the chance that you will not send the critical info needed to classify an endpoint. If newer Netflow code is able to filter flows based on a specific packet or protocol match, then that would be ideal.  Sampled Netflow would certainly increase the chance of missing key traffic.

General best practices include:

  • Limit Netflow export to specific interfaces where devices of interest are expected.  If using it to catch anomalous traffic, then look for choke points. 
  • It is generally better to use a simple flow with minimal key fields, like the 5-tuple (source/dest IP/port and protocol), to limit the number of individual flow records. 

I do cover some of this in the original ISE Profiling Design Guide.  

@Jeff: The first question before enabling Netflow for profiling is "Is there a specific requirement that only Netflow can address?"  Unless used to detect very specific types of endpoints or events, its use is typically not recommended due to the potential of overrunning the event queue.

If Netflow is deemed critical for your use case, please reach out to internal Cisco teams for further discussion on how to best address this requirement.  If a customer requires this support, please direct the request to your local sales team for escalation to internal teams.

/Craig

For anyone doing a Google search for the error and trying to find Craig's link like I was, it has since been moved and looks like it lives here now: https://community.cisco.com/t5/security-knowledge-base/ise-profiling-design-guide/ta-p/3739456?dtid=osscdc000283