Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
1
Replies

Cisco Network analytics. Delete unusable interfaces in exporters

dijix1990
VIP Alumni
VIP Alumni

‎03-15-2024 04:23 AM

Hi there.

Can cisco security analytics delete automatically unusable interfaces for exporters in a while?

dijix1990_0-1710501787871.png

 

Labels:
0 Helpful
1 Reply 1

wajidhassan
Level 4
Level 4

‎07-11-2025 09:02 AM


No — Cisco Secure Network Analytics (SNA) does not automatically delete unusable interfaces (e.g., inactive or orphaned interfaces from exporters) on its own.

However, here's what actually happens under the hood and what you can do about it:

What SNA Does with Unused or Stale Interfaces
1. Interfaces are Retained Even if Inactive
SNA stores metadata for every interface it learns from NetFlow, IPFIX, or other flow data.

If the flow source (exporter) stops sending flow for an interface, the interface becomes inactive, but not deleted.

2. You Can See Interface Status in the GUI
Go to:

Integration > Data Sources > Exporters > [select exporter] > Interfaces

Inactive interfaces are marked as gray or stale, but they're still stored.

No Built-In Cleanup or TTL (Time-to-Live)
There’s no automatic TTL or purging mechanism built into SNA/Stealthwatch to delete:

Orphaned interfaces (interfaces no longer reporting flow)

Exporters that haven’t been active for X days

These objects persist unless:

You manually delete them via the GUI or

You automate cleanup using the SNA REST API

What You Can Do
1. Manual Cleanup via GUI
You can go into:

Integration > Data Sources > Exporters

Delete inactive exporters

Remove unused interfaces manually from each exporter

This is tedious, but safe.

2. Automated Cleanup Using API (Advanced)
Use the SNA REST API to script interface or exporter cleanup.

Example process:

Call:

h
Copy
Edit
GET /tenants/{tenantId}/exporters
For each exporter, call:

http
Copy
Edit
GET /tenants/{tenantId}/exporters/{exporterId}/interfaces
Identify interfaces with 0 bytes/packets in last X days

Issue:

http
Copy
Edit
DELETE /tenants/{tenantId}/exporters/{exporterId}/interfaces/{interfaceId}
You’ll need to track when flow was last received — or cross-reference with flow reports or alarms to assess activity.

Bonus: Suppress Alerts from Unused Interfaces
If you're getting noisy alerts or alarms from dead interfaces:

You can disable alarming for individual interfaces

Or create policies to suppress alarms from certain exporter/interface pairs

Summary
Feature Supported?
Auto-delete unused interfaces No
Manual interface cleanup Yes (via GUI or API)
API-based cleanup automation Advanced, possible
Suppress alarms from stale interfaces Yes

0 Helpful
Customers Also Viewed These Support Documents