In one embodiment, a service monitors collection of telemetry data by a telemetry exporter in a network. The telemetry exporter collects the telemetry data from a plurality of interfaces via which a plurality of encrypted traffic flows flow. The telemetry exporter also sends the collected telemetry data to a traffic analysis service for analysis. The service determines that a cost associated with the collection of the telemetry data by the telemetry exporter exceeds a cost threshold. The service selects a subset of the interfaces from which telemetry data is to be captured by the telemetry exporter, based in part on a determination that the cost associated with the collection of the telemetry data exceeds the cost threshold. The service controls the telemetry exporter to collect telemetry data from a subset of the plurality of encrypted traffic flows that use the selected subset of interfaces.