You are looking at documentation for an older release.
Not what you want? See the
current release documentation.
NetFlow fieldsedit
Fields from NetFlow and IPFIX flows.
netflowedit
Fields from NetFlow and IPFIX.
netflow.typeThe type of NetFlow record described by this event.
type: keyword
exporteredit
Metadata related to the exporter device that generated this record.
netflow.exporter.addressExporter’s network address in IP:port format.
type: keyword
netflow.exporter.source_idObservation domain ID to which this record belongs.
type: long
netflow.exporter.timestampTime and date of export.
type: date
netflow.exporter.uptime_millisHow long the exporter process has been running, in milliseconds.
type: long
netflow.exporter.versionNetFlow version used.
type: long
netflow.octet_delta_count- type: long
netflow.packet_delta_count- type: long
netflow.delta_flow_count- type: long
netflow.protocol_identifier- type: short
netflow.ip_class_of_service- type: short
netflow.tcp_control_bits- type: integer
netflow.source_transport_port- type: integer
netflow.source_ipv4_address- type: ip
netflow.source_ipv4_prefix_length- type: short
netflow.ingress_interface- type: long
netflow.destination_transport_port- type: integer
netflow.destination_ipv4_address- type: ip
netflow.destination_ipv4_prefix_length- type: short
netflow.egress_interface- type: long
netflow.ip_next_hop_ipv4_address- type: ip
netflow.bgp_source_as_number- type: long
netflow.bgp_destination_as_number- type: long
netflow.bgp_next_hop_ipv4_address- type: ip
netflow.post_mcast_packet_delta_count- type: long
netflow.post_mcast_octet_delta_count- type: long
netflow.flow_end_sys_up_time- type: long
netflow.flow_start_sys_up_time- type: long
netflow.post_octet_delta_count- type: long
netflow.post_packet_delta_count- type: long
netflow.minimum_ip_total_length- type: long
netflow.maximum_ip_total_length- type: long
netflow.source_ipv6_address- type: ip
netflow.destination_ipv6_address- type: ip
netflow.source_ipv6_prefix_length- type: short
netflow.destination_ipv6_prefix_length- type: short
netflow.flow_label_ipv6- type: long
netflow.icmp_type_code_ipv4- type: integer
netflow.igmp_type- type: short
netflow.sampling_interval- type: long
netflow.sampling_algorithm- type: short
netflow.flow_active_timeout- type: integer
netflow.flow_idle_timeout- type: integer
netflow.engine_type- type: short
netflow.engine_id- type: short
netflow.exported_octet_total_count- type: long
netflow.exported_message_total_count- type: long
netflow.exported_flow_record_total_count- type: long
netflow.ipv4_router_sc- type: ip
netflow.source_ipv4_prefix- type: ip
netflow.destination_ipv4_prefix- type: ip
netflow.mpls_top_label_type- type: short
netflow.mpls_top_label_ipv4_address- type: ip
netflow.sampler_id- type: short
netflow.sampler_mode- type: short
netflow.sampler_random_interval- type: long
netflow.class_id- type: short
netflow.minimum_ttl- type: short
netflow.maximum_ttl- type: short
netflow.fragment_identification- type: long
netflow.post_ip_class_of_service- type: short
netflow.source_mac_address- type: keyword
netflow.post_destination_mac_address- type: keyword
netflow.vlan_id- type: integer
netflow.post_vlan_id- type: integer
netflow.ip_version- type: short
netflow.flow_direction- type: short
netflow.ip_next_hop_ipv6_address- type: ip
netflow.bgp_next_hop_ipv6_address- type: ip
netflow.ipv6_extension_headers- type: long
netflow.mpls_top_label_stack_section- type: short
netflow.mpls_label_stack_section2- type: short
netflow.mpls_label_stack_section3- type: short
netflow.mpls_label_stack_section4- type: short
netflow.mpls_label_stack_section5- type: short
netflow.mpls_label_stack_section6- type: short
netflow.mpls_label_stack_section7- type: short
netflow.mpls_label_stack_section8- type: short
netflow.mpls_label_stack_section9- type: short
netflow.mpls_label_stack_section10- type: short
netflow.destination_mac_address- type: keyword
netflow.post_source_mac_address- type: keyword
netflow.interface_name- type: keyword
netflow.interface_description- type: keyword
netflow.sampler_name- type: keyword
netflow.octet_total_count- type: long
netflow.packet_total_count- type: long
netflow.flags_and_sampler_id- type: long
netflow.fragment_offset- type: integer
netflow.forwarding_status- type: short
netflow.mpls_vpn_route_distinguisher- type: short
netflow.mpls_top_label_prefix_length- type: short
netflow.src_traffic_index- type: long
netflow.dst_traffic_index- type: long
netflow.application_description- type: keyword
netflow.application_id- type: short
netflow.application_name- type: keyword
netflow.post_ip_diff_serv_code_point- type: short
netflow.multicast_replication_factor- type: long
netflow.class_name- type: keyword
netflow.classification_engine_id- type: short
netflow.layer2packet_section_offset- type: integer
netflow.layer2packet_section_size- type: integer
netflow.layer2packet_section_data- type: short
netflow.bgp_next_adjacent_as_number- type: long
netflow.bgp_prev_adjacent_as_number- type: long
netflow.exporter_ipv4_address- type: ip
netflow.exporter_ipv6_address- type: ip
netflow.dropped_octet_delta_count- type: long
netflow.dropped_packet_delta_count- type: long
netflow.dropped_octet_total_count- type: long
netflow.dropped_packet_total_count- type: long
netflow.flow_end_reason- type: short
netflow.common_properties_id- type: long
netflow.observation_point_id- type: long
netflow.icmp_type_code_ipv6- type: integer
netflow.mpls_top_label_ipv6_address- type: ip
netflow.line_card_id- type: long
netflow.port_id- type: long
netflow.metering_process_id- type: long
netflow.exporting_process_id- type: long
netflow.template_id- type: integer
netflow.wlan_channel_id- type: short
netflow.wlan_ssid- type: keyword
netflow.flow_id- type: long
netflow.observation_domain_id- type: long
netflow.flow_start_seconds- type: date
netflow.flow_end_seconds- type: date
netflow.flow_start_milliseconds- type: date
netflow.flow_end_milliseconds- type: date
netflow.flow_start_microseconds- type: date
netflow.flow_end_microseconds- type: date
netflow.flow_start_nanoseconds- type: date
netflow.flow_end_nanoseconds- type: date
netflow.flow_start_delta_microseconds- type: long
netflow.flow_end_delta_microseconds- type: long
netflow.system_init_time_milliseconds- type: date
netflow.flow_duration_milliseconds- type: long
netflow.flow_duration_microseconds- type: long
netflow.observed_flow_total_count- type: long
netflow.ignored_packet_total_count- type: long
netflow.ignored_octet_total_count- type: long
netflow.not_sent_flow_total_count- type: long
netflow.not_sent_packet_total_count- type: long
netflow.not_sent_octet_total_count- type: long
netflow.destination_ipv6_prefix- type: ip
netflow.source_ipv6_prefix- type: ip
netflow.post_octet_total_count- type: long
netflow.post_packet_total_count- type: long
netflow.flow_key_indicator- type: long
netflow.post_mcast_packet_total_count- type: long
netflow.post_mcast_octet_total_count- type: long
netflow.icmp_type_ipv4- type: short
netflow.icmp_code_ipv4- type: short
netflow.icmp_type_ipv6- type: short
netflow.icmp_code_ipv6- type: short
netflow.udp_source_port- type: integer
netflow.udp_destination_port- type: integer
netflow.tcp_source_port- type: integer
netflow.tcp_destination_port- type: integer
netflow.tcp_sequence_number- type: long
netflow.tcp_acknowledgement_number- type: long
netflow.tcp_window_size- type: integer
netflow.tcp_urgent_pointer- type: integer
netflow.tcp_header_length- type: short
netflow.ip_header_length- type: short
netflow.total_length_ipv4- type: integer
netflow.payload_length_ipv6- type: integer
netflow.ip_ttl- type: short
netflow.next_header_ipv6- type: short
netflow.mpls_payload_length- type: long
netflow.ip_diff_serv_code_point- type: short
netflow.ip_precedence- type: short
netflow.fragment_flags- type: short
netflow.octet_delta_sum_of_squares- type: long
netflow.octet_total_sum_of_squares- type: long
netflow.mpls_top_label_ttl- type: short
netflow.mpls_label_stack_length- type: long
netflow.mpls_label_stack_depth- type: long
netflow.mpls_top_label_exp- type: short
netflow.ip_payload_length- type: long
netflow.udp_message_length- type: integer
netflow.is_multicast- type: short
netflow.ipv4_ihl- type: short
netflow.ipv4_options- type: long
netflow.tcp_options- type: long
netflow.padding_octets- type: short
netflow.collector_ipv4_address- type: ip
netflow.collector_ipv6_address- type: ip
netflow.export_interface- type: long
netflow.export_protocol_version- type: short
netflow.export_transport_protocol- type: short
netflow.collector_transport_port- type: integer
netflow.exporter_transport_port- type: integer
netflow.tcp_syn_total_count- type: long
netflow.tcp_fin_total_count- type: long
netflow.tcp_rst_total_count- type: long
netflow.tcp_psh_total_count- type: long
netflow.tcp_ack_total_count- type: long
netflow.tcp_urg_total_count- type: long
netflow.ip_total_length- type: long
netflow.post_nast_ource_ipv4_address- type: ip
netflow.post_nadt_estination_ipv4_address- type: ip
netflow.post_napst_ource_transport_port- type: integer
netflow.post_napdt_estination_transport_port- type: integer
netflow.nat_originating_address_realm- type: short
netflow.nat_event- type: short
netflow.initiator_octets- type: long
netflow.responder_octets- type: long
netflow.firewall_event- type: short
netflow.ingress_vrfid- type: long
netflow.egress_vrfid- type: long
netflow.vr_fname- type: keyword
netflow.post_mpls_top_label_exp- type: short
netflow.tcp_window_scale- type: integer
netflow.biflow_direction- type: short
netflow.ethernet_header_length- type: short
netflow.ethernet_payload_length- type: integer
netflow.ethernet_total_length- type: integer
netflow.dot1q_vlan_id- type: integer
netflow.dot1q_priority- type: short
netflow.dot1q_customer_vlan_id- type: integer
netflow.dot1q_customer_priority- type: short
netflow.metro_evc_id- type: keyword
netflow.metro_evc_type- type: short
netflow.pseudo_wire_id- type: long
netflow.pseudo_wire_type- type: integer
netflow.pseudo_wire_control_word- type: long
netflow.ingress_physical_interface- type: long
netflow.egress_physical_interface- type: long
netflow.post_dot1q_vlan_id- type: integer
netflow.post_dot1q_customer_vlan_id- type: integer
netflow.ethernet_type- type: integer
netflow.post_ip_precedence- type: short
netflow.collection_time_milliseconds- type: date
netflow.export_sctp_stream_id- type: integer
netflow.max_export_seconds- type: date
netflow.max_flow_end_seconds- type: date
netflow.message_md5_checksum- type: short
netflow.message_scope- type: short
netflow.min_export_seconds- type: date
netflow.min_flow_start_seconds- type: date
netflow.opaque_octets- type: short
netflow.session_scope- type: short
netflow.max_flow_end_microseconds- type: date
netflow.max_flow_end_milliseconds- type: date
netflow.max_flow_end_nanoseconds- type: date
netflow.min_flow_start_microseconds- type: date
netflow.min_flow_start_milliseconds- type: date
netflow.min_flow_start_nanoseconds- type: date
netflow.collector_certificate- type: short
netflow.exporter_certificate- type: short
netflow.data_records_reliability- type: boolean
netflow.observation_point_type- type: short
netflow.new_connection_delta_count- type: long
netflow.connection_sum_duration_seconds- type: long
netflow.connection_transaction_id- type: long
netflow.post_nast_ource_ipv6_address- type: ip
netflow.post_nadt_estination_ipv6_address- type: ip
netflow.nat_pool_id- type: long
netflow.nat_pool_name- type: keyword
netflow.anonymization_flags- type: integer
netflow.anonymization_technique- type: integer
netflow.information_element_index- type: integer
netflow.p2p_technology- type: keyword
netflow.tunnel_technology- type: keyword
netflow.encrypted_technology- type: keyword
netflow.bgp_validity_state- type: short
netflow.ip_sec_spi- type: long
netflow.gre_key- type: long
netflow.nat_type- type: short
netflow.initiator_packets- type: long
netflow.responder_packets- type: long
netflow.observation_domain_name- type: keyword
netflow.selection_sequence_id- type: long
netflow.selector_id- type: long
netflow.information_element_id- type: integer
netflow.selector_algorithm- type: integer
netflow.sampling_packet_interval- type: long
netflow.sampling_packet_space- type: long
netflow.sampling_time_interval- type: long
netflow.sampling_time_space- type: long
netflow.sampling_size- type: long
netflow.sampling_population- type: long
netflow.sampling_probability- type: double
netflow.data_link_frame_size- type: integer
netflow.ip_header_packet_section- type: short
netflow.ip_payload_packet_section- type: short
netflow.data_link_frame_section- type: short
netflow.mpls_label_stack_section- type: short
netflow.mpls_payload_packet_section- type: short
netflow.selector_id_total_pkts_observed- type: long
netflow.selector_id_total_pkts_selected- type: long
netflow.absolute_error- type: double
netflow.relative_error- type: double
netflow.observation_time_seconds- type: date
netflow.observation_time_milliseconds- type: date
netflow.observation_time_microseconds- type: date
netflow.observation_time_nanoseconds- type: date
netflow.digest_hash_value- type: long
netflow.hash_ipp_ayload_offset- type: long
netflow.hash_ipp_ayload_size- type: long
netflow.hash_output_range_min- type: long
netflow.hash_output_range_max- type: long
netflow.hash_selected_range_min- type: long
netflow.hash_selected_range_max- type: long
netflow.hash_digest_output- type: boolean
netflow.hash_initialiser_value- type: long
netflow.selector_name- type: keyword
netflow.upper_cli_imit- type: double
netflow.lower_cli_imit- type: double
netflow.confidence_level- type: double
netflow.information_element_data_type- type: short
netflow.information_element_description- type: keyword
netflow.information_element_name- type: keyword
netflow.information_element_range_begin- type: long
netflow.information_element_range_end- type: long
netflow.information_element_semantics- type: short
netflow.information_element_units- type: integer
netflow.private_enterprise_number- type: long
netflow.virtual_station_interface_id- type: short
netflow.virtual_station_interface_name- type: keyword
netflow.virtual_station_uuid- type: short
netflow.virtual_station_name- type: keyword
netflow.layer2_segment_id- type: long
netflow.layer2_octet_delta_count- type: long
netflow.layer2_octet_total_count- type: long
netflow.ingress_unicast_packet_total_count- type: long
netflow.ingress_multicast_packet_total_count- type: long
netflow.ingress_broadcast_packet_total_count- type: long
netflow.egress_unicast_packet_total_count- type: long
netflow.egress_broadcast_packet_total_count- type: long
netflow.monitoring_interval_start_milli_seconds- type: date
netflow.monitoring_interval_end_milli_seconds- type: date
netflow.port_range_start- type: integer
netflow.port_range_end- type: integer
netflow.port_range_step_size- type: integer
netflow.port_range_num_ports- type: integer
netflow.sta_mac_address- type: keyword
netflow.sta_ipv4_address- type: ip
netflow.wtp_mac_address- type: keyword
netflow.ingress_interface_type- type: long
netflow.egress_interface_type- type: long
netflow.rtp_sequence_number- type: integer
netflow.user_name- type: keyword
netflow.application_category_name- type: keyword
netflow.application_sub_category_name- type: keyword
netflow.application_group_name- type: keyword
netflow.original_flows_present- type: long
netflow.original_flows_initiated- type: long
netflow.original_flows_completed- type: long
netflow.distinct_count_of_sourc_eipa_ddress- type: long
netflow.distinct_count_of_destinatio_nipa_ddress- type: long
netflow.distinct_count_of_source_ipv4_address- type: long
netflow.distinct_count_of_destination_ipv4_address- type: long
netflow.distinct_count_of_source_ipv6_address- type: long
netflow.distinct_count_of_destination_ipv6_address- type: long
netflow.value_distribution_method- type: short
netflow.rfc3550_jitter_milliseconds- type: long
netflow.rfc3550_jitter_microseconds- type: long
netflow.rfc3550_jitter_nanoseconds- type: long
netflow.dot1q_dei- type: boolean
netflow.dot1q_customer_dei- type: boolean
netflow.flow_selector_algorithm- type: integer
netflow.flow_selected_octet_delta_count- type: long
netflow.flow_selected_packet_delta_count- type: long
netflow.flow_selected_flow_delta_count- type: long
netflow.selector_itd_otal_flows_observed- type: long
netflow.selector_itd_otal_flows_selected- type: long
netflow.sampling_flow_interval- type: long
netflow.sampling_flow_spacing- type: long
netflow.flow_sampling_time_interval- type: long
netflow.flow_sampling_time_spacing- type: long
netflow.hash_flow_domain- type: integer
netflow.transport_octet_delta_count- type: long
netflow.transport_packet_delta_count- type: long
netflow.original_exporter_ipv4_address- type: ip
netflow.original_exporter_ipv6_address- type: ip
netflow.original_observation_domain_id- type: long
netflow.intermediate_process_id- type: long
netflow.ignored_data_record_total_count- type: long
netflow.data_link_frame_type- type: integer
netflow.section_offset- type: integer
netflow.section_exported_octets- type: integer
netflow.dot1q_service_instance_tag- type: short
netflow.dot1q_service_instance_id- type: long
netflow.dot1q_service_instance_priority- type: short
netflow.dot1q_customer_source_mac_address- type: keyword
netflow.dot1q_customer_destination_mac_address- type: keyword
netflow.post_layer2_octet_delta_count- type: long
netflow.post_mcast_layer2_octet_delta_count- type: long
netflow.post_layer2_octet_total_count- type: long
netflow.post_mcast_layer2_octet_total_count- type: long
netflow.minimum_layer2_total_length- type: long
netflow.maximum_layer2_total_length- type: long
netflow.dropped_layer2_octet_delta_count- type: long
netflow.dropped_layer2_octet_total_count- type: long
netflow.ignored_layer2_octet_total_count- type: long
netflow.not_sent_layer2_octet_total_count- type: long
netflow.layer2_octet_delta_sum_of_squares- type: long
netflow.layer2_octet_total_sum_of_squares- type: long
netflow.layer2_frame_delta_count- type: long
netflow.layer2_frame_total_count- type: long
netflow.pseudo_wire_destination_ipv4_address- type: ip
netflow.ignored_layer2_frame_total_count- type: long
netflow.mib_object_value_integer- type: integer
netflow.mib_object_value_octet_string- type: short
netflow.mib_object_value_oid- type: short
netflow.mib_object_value_bits- type: short
netflow.mib_object_valuei_pa_ddress- type: ip
netflow.mib_object_value_counter- type: long
netflow.mib_object_value_gauge- type: long
netflow.mib_object_value_time_ticks- type: long
netflow.mib_object_value_unsigned- type: long
netflow.mib_object_identifier- type: short
netflow.mib_sub_identifier- type: long
netflow.mib_index_indicator- type: long
netflow.mib_capture_time_semantics- type: short
netflow.mib_context_engine_id- type: short
netflow.mib_context_name- type: keyword
netflow.mib_object_name- type: keyword
netflow.mib_object_description- type: keyword
netflow.mib_object_syntax- type: keyword
netflow.mib_module_name- type: keyword
netflow.mobile_imsi- type: keyword
netflow.mobile_msisdn- type: keyword
netflow.http_status_code- type: integer
netflow.source_transport_ports_limit- type: integer
netflow.http_request_method- type: keyword
netflow.http_request_host- type: keyword
netflow.http_request_target- type: keyword
netflow.http_message_version- type: keyword
netflow.nat_instance_id- type: long
netflow.internal_address_realm- type: short
netflow.external_address_realm- type: short
netflow.nat_quota_exceeded_event- type: long
netflow.nat_threshold_event- type: long
netflow.http_user_agent- type: keyword
netflow.http_content_type- type: keyword
netflow.http_reason_phrase- type: keyword
netflow.max_session_entries- type: long
netflow.max_bieb_ntries- type: long
netflow.max_entries_per_user- type: long
netflow.max_subscribers- type: long
netflow.max_fragments_pending_reassembly- type: long
netflow.address_pool_high_threshold- type: long
netflow.address_pool_low_threshold- type: long
netflow.address_port_mapping_high_threshold- type: long
netflow.address_port_mapping_low_threshold- type: long
netflow.address_port_mapping_per_user_high_threshold- type: long
netflow.global_address_mapping_high_threshold- type: long
netflow.vpn_identifier- type: short