Re: Service Provider NetFlow Collectors

[Tim Raphael <raphael.timothy () gmail com>]

This is correct, 

With a flow database you want to be able to say: “show me all HTTP traffic from subnet a.b.c.0/24” which requires you 
to either keep individual IPs or aggregate subnets. Combined with port and protocol data for both source and 
destination, the series count shoots way above 10M.

- Tim

> On 2 Jan 2019, at 20:20, Saku Ytti <saku () ytti fi> wrote:
>
> Hey Tim,
>
> > I would advise against InfluxDB in this case - flow data has a very high (and open) tag cardinality which is not 
> > suited to Influx (although their recently new index format has improved this).
>
> I'm not entirely sure I understand. Does this mean the permutations of
> tags are high, i.e. series count is high? If so, isn't this general
> problem and advice against all TSDBs? If so, I fully agree, you
> couldn't/shouldn't make for example IP addresses your tags,
> potentially creating 2**32*2 series without any other tags, it's
> rather non-sensical proposal in TSDB.
>
> Influx themselves comment that >10M series is likely infeasible. So
> you need unique tag combinations to be low millions at most.
> -- 
>  ++ytti