Depending on the composition of the traffic being extracted and whether the flows are unusually long, Security Analytics may drop the extractions.
You can customize the extractord.conf file and increased the following numbers from the default of 1000 slots.
The two values highlighted are the values that can be modified. By default, if the flow is larger than 1000 slots, then it will be skipped.
You need to be careful when modifying these values. The main side effect of increasing this value is that there might be a little bit more disk I/O, so when changing the setting, watch the System Health report "Disk Activity" to see if it spikes.
Increase the values slowly and then monitor. The file that needs to be modified is /etc/solera/extractor/extractord.conf. Once this file is changed, you will need to restart extractord service on the sensor for it to take effect:
service solera-extractord restart