Other than troubleshooting, how do you make use of your flow data?
Pinpoint traffic issues. Most issues are self-inflicted by users.
How often do you look at flow data summaries, and in what form (on-demand via HTML form, automated reporting, CLI top-talkers, etc.)?
The Top xx Netflow Sources by % Utilization is always up and on the front page of Orion.
Summaries have the side effect of masking more granular data, i.e. smaller flows that might be interesting. In your view, is this a concern, and if so, how do you work around it?
As alerts come in we use NF to do the initial drill down. Flow Navigator is great!
How old does flow data have to get before it's no longer useful? For the sake of SQL, I was only keeping 7 days' worth of flow data in NTA, assuming that it would be very unlikely I'd need to go back further than that. That was true most of the time, but there were times I wished I could dig back further.
A week of data is fine.
RT