You may see an issue where you see large spikes in 1 minute resolution data that is far above the maximum bandwidth on the interface. However if you look at 15 minute resolution data, you may not see as large of a spike in data.
An example of this is below. Where the max bandwidth of the interface is 1.54 Mpbs, however the data is spiking over 20 Mpbs.
This can be found on any version of RA or NFA because it stems from a data problem on the device.
This happens when the Netflow data coming into NFA from the Netflow enabled device is not being sent once every minute.
NFA calculates data every minute and so requires that each flow be only 1 minute in length. If you have it set to anything higher or don't have it set at all, then when NFA receives a flow, the flow data itself could be for 2 min worth or more of traffic on the interface or more, but NFA will assume it is for the last minute only. This will cause the interface to show more data than it can handle for that minute.
This is often far more visible in 1 minute resolution data than it is in 15 minute resolution data.
To resolve this issue make sure the setting below, or the equivalent setting on your specific device, is set.
ip flow-cache timeout active 1
For flexible Netflow the command may be like below:
cache timeout active 1
It is usually best to check with the device vendor for the exact command for your device.
Also see TEC562174 for other common Netflow configuration errors.