Analyzer error

[hoangvu304]

Hi @bitkeks ,
Thank for your app. I try it today, capture some packet from a ASR 1002 router netflow v9 export.
But when I analyzer .gz file, it's show error:
(p3venv) [vuht@dashboard python-netflow-v9-softflowd]$ python analyzer.py -f 1581912445.gz
Traceback (most recent call last):
File "analyzer.py", line 215, in
for flow in sorted(flows, key=lambda x: x["FIRST_SWITCHED"]):
File "analyzer.py", line 215, in
for flow in sorted(flows, key=lambda x: x["FIRST_SWITCHED"]):
KeyError: 'FIRST_SWITCHED'

[bitkeks]

Hi @hoangvu304,
sorry for the long delay! Do you still have your capture file? I'd be interested in seeing, which fields are actually contained in your exports. You could try to add a print(flows[0]) in line 242

python-netflow-v9-softflowd/analyzer.py

Lines 241 to 243 in f8c5717

	flows = data[key]["flows"]
	for flow in sorted(flows, key=lambda x: x["FIRST_SWITCHED"]):

This might reveal the fields. Sadly, the docs on the ASR 1002 do not state which fields are exported, but maybe we can figure out if there's another field that has the same effect (timestamp).
Or did you use "Flexible Netflow"? This seems to be an newer, extended NetFlow v9 implementation by Cisco which is configured differently.