Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
488
Views
1
Helpful
1
Replies

Stealthwatch flow search duration

rajdeep
Level 1
Level 1

‎04-25-2023 05:51 AM

Stealthwatch flow duration time declare the sesion establishment timing for perticular source ip to destination ip and service.

If the connection will stop for 5 min stealthwatch will show the session is stoped and show the time accordingly in flow duration.

But In real time scenerio I oftenly faced that some flow duration was showing more than 1 week which was not possible. Kindly help me to understand the possible flow types for this.

Thanks in advanced.

Labels:
0 Helpful
1 Reply 1

lohan
Cisco Employee
Cisco Employee

‎05-08-2023 05:55 AM

Hi rajdeep,

Not sure if there was a cache issue or not, you may try to clear the cache or open it in a "incognito window" to have a test.

Additionally, there is a way that you can have one more test:

When you get the flow duration was showing more than 1 week, using the same time filter in the Stealthwatch Desktop Java Client to research the flow.
And compare the data, if the flow record is same as WebUI.

If the issue still happen, please kindly upload the screenshots to check more info.
Thanks in advanced.

If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Network Analytics (formerly known as Stealthwatch) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
 

Customers Also Viewed These Support Documents