We are monitoring the interface outside of a CISCO ASA. And the graph shows more traffic than the real one.

We have NFA:

Version:

NetOps 19.1 - CA Network Flow Analysis 10.0.2 (build27)

Release : 10.0

Component : NETWORK FLOW ANALYSIS DSA

NetFlow (routers): ip flow-cache timeout active 1
NetFlow (Catalyst switches): mls aging long 64
sFlow: polling interval 60
Netstream: ip netstream timeout active 1
J-Flow: ip flow-cache timeout active 1
This command has a significant impact on how the data is calculated.

The above mentioned examples each regulate the export of flows for their
respective devices.

With this configuration, you are specifying the device to export flow
records every minute. This is important to set up, since NFA
calculates utilization based on what it receives at 1 minute intervals.

If you forget to configure this, then your Cisco device, by default,
will try to export flows every 30 minutes or until the flow cache
becomes full, which will then bombard your collector with flows.
This could will impact interface utilization.