Firewall rule ID information missing/partial for newer flows in Aria Operations for Networks (formerly vRNI).

Article ID: 416773

Products

VCF Operations for Networks

Issue/Introduction

Flow queries that use firewall rule ID as a filter are either missing recent flows or don't fetch any results. Conversely, flow queries that use other parameters are missing firewall rule ID information in the flow details.

Cause

The Raw Ipfix Record Rejection Stats in the collector logs (var/log/arkin/flow-processor/flow-processor.STDOUT*) show a large number of flows under the "NON_DOMAIN_NSXT_FLOWS" category. Example:

2025-10-10T22:50:xx.xxxxx INFO v2.helpers.IpfixRawFlowValidator five_tuple_task-4 printAndResetRejectionStats:426 Raw Ipfix Record Rejection Stats [file=/var/flows/vds/nfcapd/nfcapd.202510102249]: DENY_FLOWS:0 WRONG_REPORTING_POINT:29353 DATA_SOURCE_DISABLED:0 SESSION_NOT_ESTABLISHED:433808 NO_METRIC_DATA_4:0 NO_METRIC_DATA_6:0 ADDSTATE_WRONG_FLOW_TYPE:0 IPV6_LINK_LOCAL:0 NON_DOMAIN_NSXT_FLOWS:298084 UNSUPPORTED_IPV6_FLOW_TYPE:0 IPFIX_ENABLED_ON_ANOTHER_COLLECTOR:0 DENY_NSX_INTERNET_FLOWS:0 DENY_NSX_FLOWS_RULE_ID_BASED:0 DENY_NSX_FLOWS_PORT_THRESHOLD_BASED:0 


The following exceptions are logged (in var/log/arkin/collector/collector*), suggesting a certificate match failure for the vCenter certificate, that is, a mismatch between the certificate present in AON and the one presented by vCenter:

2025-10-16T11:55:xx.xxxxx ERROR security.ssl.CustomTrustManager ConnectionEntityManager-4 checkServerTrusted:119 certificate match failed in xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
...
2025-10-16T11:55:32.700Z WARN common.utils.CommonUtils ConnectionEntityManager-4 logException:2678 Connection retry attempt failed with : Retrying failed to complete successfully after 1 attempts. : pool name : VCENTER_vc.xxxxxxxxxxxxxxxxxxx.xxxxxx.xxx.xxxxx.comf9d29fdb-5930-xxxx-8f96-xxxxxxxxxxx
...
Caused by: com.vnera.dataproviders.dsconnectionmanagement.exceptions.ConnectionStartException: Problem in starting connection. : https://vc.xxxxxxxxxxxxxxxxxxx.xxxxxx.xxx.xxxxx.com:443/sd
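
To check a set of collector logs for both symptoms at once, the following added example (not part of the original article or the product) parses the rejection-stats lines and counts the certificate match errors. The function names and the `min_share` threshold are assumptions, and the sample lines are constructed from the excerpts above.

```python
import re

# Marker strings and counter names come from the log excerpts in this article.
STATS_RE = re.compile(
    r"Raw Ipfix Record Rejection Stats \[file=(?P<file>[^\]]+)\]:(?P<body>.*)")
COUNTER_RE = re.compile(r"\b([A-Z][A-Z0-9_]*):(\d+)")
CERT_MARKER = "certificate match failed"

def parse_rejection_stats(line):
    """Return (nfcapd_file, {counter: count}) for a stats line, else None."""
    m = STATS_RE.search(line)
    if m is None:
        return None
    return m.group("file"), {k: int(v) for k, v in COUNTER_RE.findall(m.group("body"))}

def triage(flow_lines, collector_lines, min_share=0.25):
    """min_share is an assumed cut-off for "a lot of flows", not a product value."""
    flagged = []
    for line in flow_lines:
        parsed = parse_rejection_stats(line)
        if parsed is None:
            continue
        nfcapd_file, counters = parsed
        rejected = sum(counters.values())
        non_domain = counters.get("NON_DOMAIN_NSXT_FLOWS", 0)
        if rejected and non_domain / rejected >= min_share:
            flagged.append((nfcapd_file, non_domain, rejected))
    cert_failures = [l for l in collector_lines if CERT_MARKER in l]
    return {"flagged": flagged, "cert_failures": len(cert_failures),
            "likely_cert_mismatch": bool(flagged and cert_failures)}

# Constructed sample lines, shortened from the excerpts above (not real logs).
FLOW_SAMPLE = [
    "2025-10-10T22:50:01.000Z INFO v2.helpers.IpfixRawFlowValidator five_tuple_task-4 "
    "printAndResetRejectionStats:426 Raw Ipfix Record Rejection Stats "
    "[file=/var/flows/vds/nfcapd/nfcapd.202510102249]: DENY_FLOWS:0 "
    "WRONG_REPORTING_POINT:29353 SESSION_NOT_ESTABLISHED:433808 NON_DOMAIN_NSXT_FLOWS:298084",
    "2025-10-10T22:51:01.000Z INFO ... Raw Ipfix Record Rejection Stats "
    "[file=/var/flows/vds/nfcapd/nfcapd.202510102250]: DENY_FLOWS:0 "
    "SESSION_NOT_ESTABLISHED:1200 NON_DOMAIN_NSXT_FLOWS:3",
]
COLLECTOR_SAMPLE = [
    "2025-10-16T11:55:32.100Z ERROR security.ssl.CustomTrustManager "
    "ConnectionEntityManager-4 checkServerTrusted:119 certificate match failed in <redacted>",
    "2025-10-16T11:55:33.000Z INFO unrelated line",
]

if __name__ == "__main__":
    print(triage(FLOW_SAMPLE, COLLECTOR_SAMPLE))
```

When both signals appear together, proceed to the certificate acceptance steps in the Resolution section.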

Resolution

The certificate presented by the data source does not match the one AON has stored for that data source, which can happen after the data source's certificate is renewed. The new certificate needs to be accepted.

Check whether the data source page shows a popup to accept the certificate; if it does, accept the certificate. Alternatively, toggle the data source off and on and wait for some time. For more details, refer to https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations-for-networks/6-14/vrealize-network-insight-ug-4-1-and-later-6-14/configuration/configure-data-source-certificate-validation/accept-a-data-source-certificate-manually.html