tshark expired flow drops to zero then spikes

tshark

asked 2022-03-11 03:23:04 +0000

Has anyone seen an ingestion profile like such that the expired flow rate drops to zero, then spikes, and fails. See the attached. The event is happening at different intervals, but normally every 2 to 3 hours.

edit retag flag offensive close merge delete

Comments

was not able to upload the data flow graph, but I have several that show the issue.

rgavin ( 2022-03-11 13:25:27 +0000 )edit

Could you give a bit more information since no image?

nelliott ( 2022-03-11 13:48:45 +0000 )edit

We are seeing this on multiple systems. We are not running out of memory or CPU. We are sending data into tshark as a pcap file written to stdin (with a -r flag).

hey - I know you! ;-)

Let me see if I can pull more details from the team.

rgavin ( 2022-03-11 18:21:56 +0000 )edit

add a comment

Be the first one to answer this question!

Please start posting anonymously - your entry will be published after you log in or create a new account.

tshark expired flow drops to zero then spikes

Comments

Be the first one to answer this question!

Question Tools

Stats

Related questions

tshark expired flow drops to zero then spikes edit

Comments

Be the first one to answer this question!

Question Tools

Stats

Related questions

tshark expired flow drops to zero then spikes