Collect flow records

You can automatically collect and store all flow records, which are network-layer communications between two devices over an IP protocol. If you enable this setting, but do not add any IP addresses or port ranges, all detected flow records are captured. Configuring flow records for automatic collection is fairly straight-forward and can be a good way to test connectivity to your recordstore.

1. Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
2. In the Records section, click Automatic Flow Records.
3. Select the Enabled checkbox.
4. In the Publish Interval field, type a number between 60 and 21600.
   This value determines how often records from an active flow are sent to the recordstore. The default value is 1800 seconds.
5. In the IP Address field, type a single IP address or IP address range in IPv4, IPv6, or CIDR format.
6. Click the green plus (+) icon.
   You can remove an entry by clicking the red delete (X) icon.
7. In the Port Ranges field, type a single port or port range, and then click the green plus (+) icon.
8. Click Save.
   Flow records that meet your criteria are now automatically sent to your configured recordstore. Wait a few minutes for records to be collected.
9. In the ExtraHop system, click Records from the top menu, and then click View Records to start a query.
   If you do not see any records, wait a few minutes and try again. If no records appear after five minutes, review your configuration or contact ExtraHop Support.