Fields from NetFlow and IPFIX flows.
netflow
Fields from NetFlow and IPFIX.
-
netflow.type -
The type of NetFlow record described by this event.
type: keyword
exporter
Metadata related to the exporter device that generated this record.
-
netflow.exporter.address -
Exporter’s network address in IP:port format.
type: keyword
-
netflow.exporter.source_id -
Observation domain ID to which this record belongs.
type: long
-
netflow.exporter.timestamp -
Time and date of export.
type: date
-
netflow.exporter.uptime_millis -
How long the exporter process has been running, in milliseconds.
type: long
-
netflow.exporter.version -
NetFlow version used.
type: long
-
netflow.octet_delta_count -
type: long
-
netflow.packet_delta_count -
type: long
-
netflow.delta_flow_count -
type: long
-
netflow.protocol_identifier -
type: short
-
netflow.ip_class_of_service -
type: short
-
netflow.tcp_control_bits -
type: integer
-
netflow.source_transport_port -
type: integer
-
netflow.source_ipv4_address -
type: ip
-
netflow.source_ipv4_prefix_length -
type: short
-
netflow.ingress_interface -
type: long
-
netflow.destination_transport_port -
type: integer
-
netflow.destination_ipv4_address -
type: ip
-
netflow.destination_ipv4_prefix_length -
type: short
-
netflow.egress_interface -
type: long
-
netflow.ip_next_hop_ipv4_address -
type: ip
-
netflow.bgp_source_as_number -
type: long
-
netflow.bgp_destination_as_number -
type: long
-
netflow.bgp_next_hop_ipv4_address -
type: ip
-
netflow.post_mcast_packet_delta_count -
type: long
-
netflow.post_mcast_octet_delta_count -
type: long
-
netflow.flow_end_sys_up_time -
type: long
-
netflow.flow_start_sys_up_time -
type: long
-
netflow.post_octet_delta_count -
type: long
-
netflow.post_packet_delta_count -
type: long
-
netflow.minimum_ip_total_length -
type: long
-
netflow.maximum_ip_total_length -
type: long
-
netflow.source_ipv6_address -
type: ip
-
netflow.destination_ipv6_address -
type: ip
-
netflow.source_ipv6_prefix_length -
type: short
-
netflow.destination_ipv6_prefix_length -
type: short
-
netflow.flow_label_ipv6 -
type: long
-
netflow.icmp_type_code_ipv4 -
type: integer
-
netflow.igmp_type -
type: short
-
netflow.sampling_interval -
type: long
-
netflow.sampling_algorithm -
type: short
-
netflow.flow_active_timeout -
type: integer
-
netflow.flow_idle_timeout -
type: integer
-
netflow.engine_type -
type: short
-
netflow.engine_id -
type: short
-
netflow.exported_octet_total_count -
type: long
-
netflow.exported_message_total_count -
type: long
-
netflow.exported_flow_record_total_count -
type: long
-
netflow.ipv4_router_sc -
type: ip
-
netflow.source_ipv4_prefix -
type: ip
-
netflow.destination_ipv4_prefix -
type: ip
-
netflow.mpls_top_label_type -
type: short
-
netflow.mpls_top_label_ipv4_address -
type: ip
-
netflow.sampler_id -
type: short
-
netflow.sampler_mode -
type: short
-
netflow.sampler_random_interval -
type: long
-
netflow.class_id -
type: short
-
netflow.minimum_ttl -
type: short
-
netflow.maximum_ttl -
type: short
-
netflow.fragment_identification -
type: long
-
netflow.post_ip_class_of_service -
type: short
-
netflow.source_mac_address -
type: keyword
-
netflow.post_destination_mac_address -
type: keyword
-
netflow.vlan_id -
type: integer
-
netflow.post_vlan_id -
type: integer
-
netflow.ip_version -
type: short
-
netflow.flow_direction -
type: short
-
netflow.ip_next_hop_ipv6_address -
type: ip
-
netflow.bgp_next_hop_ipv6_address -
type: ip
-
netflow.ipv6_extension_headers -
type: long
-
netflow.mpls_top_label_stack_section -
type: short
-
netflow.mpls_label_stack_section2 -
type: short
-
netflow.mpls_label_stack_section3 -
type: short
-
netflow.mpls_label_stack_section4 -
type: short
-
netflow.mpls_label_stack_section5 -
type: short
-
netflow.mpls_label_stack_section6 -
type: short
-
netflow.mpls_label_stack_section7 -
type: short
-
netflow.mpls_label_stack_section8 -
type: short
-
netflow.mpls_label_stack_section9 -
type: short
-
netflow.mpls_label_stack_section10 -
type: short
-
netflow.destination_mac_address -
type: keyword
-
netflow.post_source_mac_address -
type: keyword
-
netflow.interface_name -
type: keyword
-
netflow.interface_description -
type: keyword
-
netflow.sampler_name -
type: keyword
-
netflow.octet_total_count -
type: long
-
netflow.packet_total_count -
type: long
-
netflow.flags_and_sampler_id -
type: long
-
netflow.fragment_offset -
type: integer
-
netflow.forwarding_status -
type: short
-
netflow.mpls_vpn_route_distinguisher -
type: short
-
netflow.mpls_top_label_prefix_length -
type: short
-
netflow.src_traffic_index -
type: long
-
netflow.dst_traffic_index -
type: long
-
netflow.application_description -
type: keyword
-
netflow.application_id -
type: short
-
netflow.application_name -
type: keyword
-
netflow.post_ip_diff_serv_code_point -
type: short
-
netflow.multicast_replication_factor -
type: long
-
netflow.class_name -
type: keyword
-
netflow.classification_engine_id -
type: short
-
netflow.layer2packet_section_offset -
type: integer
-
netflow.layer2packet_section_size -
type: integer
-
netflow.layer2packet_section_data -
type: short
-
netflow.bgp_next_adjacent_as_number -
type: long
-
netflow.bgp_prev_adjacent_as_number -
type: long
-
netflow.exporter_ipv4_address -
type: ip
-
netflow.exporter_ipv6_address -
type: ip
-
netflow.dropped_octet_delta_count -
type: long
-
netflow.dropped_packet_delta_count -
type: long
-
netflow.dropped_octet_total_count -
type: long
-
netflow.dropped_packet_total_count -
type: long
-
netflow.flow_end_reason -
type: short
-
netflow.common_properties_id -
type: long
-
netflow.observation_point_id -
type: long
-
netflow.icmp_type_code_ipv6 -
type: integer
-
netflow.mpls_top_label_ipv6_address -
type: ip
-
netflow.line_card_id -
type: long
-
netflow.port_id -
type: long
-
netflow.metering_process_id -
type: long
-
netflow.exporting_process_id -
type: long
-
netflow.template_id -
type: integer
-
netflow.wlan_channel_id -
type: short
-
netflow.wlan_ssid -
type: keyword
-
netflow.flow_id -
type: long
-
netflow.observation_domain_id -
type: long
-
netflow.flow_start_seconds -
type: date
-
netflow.flow_end_seconds -
type: date
-
netflow.flow_start_milliseconds -
type: date
-
netflow.flow_end_milliseconds -
type: date
-
netflow.flow_start_microseconds -
type: date
-
netflow.flow_end_microseconds -
type: date
-
netflow.flow_start_nanoseconds -
type: date
-
netflow.flow_end_nanoseconds -
type: date
-
netflow.flow_start_delta_microseconds -
type: long
-
netflow.flow_end_delta_microseconds -
type: long
-
netflow.system_init_time_milliseconds -
type: date
-
netflow.flow_duration_milliseconds -
type: long
-
netflow.flow_duration_microseconds -
type: long
-
netflow.observed_flow_total_count -
type: long
-
netflow.ignored_packet_total_count -
type: long
-
netflow.ignored_octet_total_count -
type: long
-
netflow.not_sent_flow_total_count -
type: long
-
netflow.not_sent_packet_total_count -
type: long
-
netflow.not_sent_octet_total_count -
type: long
-
netflow.destination_ipv6_prefix -
type: ip
-
netflow.source_ipv6_prefix -
type: ip
-
netflow.post_octet_total_count -
type: long
-
netflow.post_packet_total_count -
type: long
-
netflow.flow_key_indicator -
type: long
-
netflow.post_mcast_packet_total_count -
type: long
-
netflow.post_mcast_octet_total_count -
type: long
-
netflow.icmp_type_ipv4 -
type: short
-
netflow.icmp_code_ipv4 -
type: short
-
netflow.icmp_type_ipv6 -
type: short
-
netflow.icmp_code_ipv6 -
type: short
-
netflow.udp_source_port -
type: integer
-
netflow.udp_destination_port -
type: integer
-
netflow.tcp_source_port -
type: integer
-
netflow.tcp_destination_port -
type: integer
-
netflow.tcp_sequence_number -
type: long
-
netflow.tcp_acknowledgement_number -
type: long
-
netflow.tcp_window_size -
type: integer
-
netflow.tcp_urgent_pointer -
type: integer
-
netflow.tcp_header_length -
type: short
-
netflow.ip_header_length -
type: short
-
netflow.total_length_ipv4 -
type: integer
-
netflow.payload_length_ipv6 -
type: integer
-
netflow.ip_ttl -
type: short
-
netflow.next_header_ipv6 -
type: short
-
netflow.mpls_payload_length -
type: long
-
netflow.ip_diff_serv_code_point -
type: short
-
netflow.ip_precedence -
type: short
-
netflow.fragment_flags -
type: short
-
netflow.octet_delta_sum_of_squares -
type: long
-
netflow.octet_total_sum_of_squares -
type: long
-
netflow.mpls_top_label_ttl -
type: short
-
netflow.mpls_label_stack_length -
type: long
-
netflow.mpls_label_stack_depth -
type: long
-
netflow.mpls_top_label_exp -
type: short
-
netflow.ip_payload_length -
type: long
-
netflow.udp_message_length -
type: integer
-
netflow.is_multicast -
type: short
-
netflow.ipv4_ihl -
type: short
-
netflow.ipv4_options -
type: long
-
netflow.tcp_options -
type: long
-
netflow.padding_octets -
type: short
-
netflow.collector_ipv4_address -
type: ip
-
netflow.collector_ipv6_address -
type: ip
-
netflow.export_interface -
type: long
-
netflow.export_protocol_version -
type: short
-
netflow.export_transport_protocol -
type: short
-
netflow.collector_transport_port -
type: integer
-
netflow.exporter_transport_port -
type: integer
-
netflow.tcp_syn_total_count -
type: long
-
netflow.tcp_fin_total_count -
type: long
-
netflow.tcp_rst_total_count -
type: long
-
netflow.tcp_psh_total_count -
type: long
-
netflow.tcp_ack_total_count -
type: long
-
netflow.tcp_urg_total_count -
type: long
-
netflow.ip_total_length -
type: long
-
netflow.post_nast_ource_ipv4_address -
type: ip
-
netflow.post_nadt_estination_ipv4_address -
type: ip
-
netflow.post_napst_ource_transport_port -
type: integer
-
netflow.post_napdt_estination_transport_port -
type: integer
-
netflow.nat_originating_address_realm -
type: short
-
netflow.nat_event -
type: short
-
netflow.initiator_octets -
type: long
-
netflow.responder_octets -
type: long
-
netflow.firewall_event -
type: short
-
netflow.ingress_vrfid -
type: long
-
netflow.egress_vrfid -
type: long
-
netflow.vr_fname -
type: keyword
-
netflow.post_mpls_top_label_exp -
type: short
-
netflow.tcp_window_scale -
type: integer
-
netflow.biflow_direction -
type: short
-
netflow.ethernet_header_length -
type: short
-
netflow.ethernet_payload_length -
type: integer
-
netflow.ethernet_total_length -
type: integer
-
netflow.dot1q_vlan_id -
type: integer
-
netflow.dot1q_priority -
type: short
-
netflow.dot1q_customer_vlan_id -
type: integer
-
netflow.dot1q_customer_priority -
type: short
-
netflow.metro_evc_id -
type: keyword
-
netflow.metro_evc_type -
type: short
-
netflow.pseudo_wire_id -
type: long
-
netflow.pseudo_wire_type -
type: integer
-
netflow.pseudo_wire_control_word -
type: long
-
netflow.ingress_physical_interface -
type: long
-
netflow.egress_physical_interface -
type: long
-
netflow.post_dot1q_vlan_id -
type: integer
-
netflow.post_dot1q_customer_vlan_id -
type: integer
-
netflow.ethernet_type -
type: integer
-
netflow.post_ip_precedence -
type: short
-
netflow.collection_time_milliseconds -
type: date
-
netflow.export_sctp_stream_id -
type: integer
-
netflow.max_export_seconds -
type: date
-
netflow.max_flow_end_seconds -
type: date
-
netflow.message_md5_checksum -
type: short
-
netflow.message_scope -
type: short
-
netflow.min_export_seconds -
type: date
-
netflow.min_flow_start_seconds -
type: date
-
netflow.opaque_octets -
type: short
-
netflow.session_scope -
type: short
-
netflow.max_flow_end_microseconds -
type: date
-
netflow.max_flow_end_milliseconds -
type: date
-
netflow.max_flow_end_nanoseconds -
type: date
-
netflow.min_flow_start_microseconds -
type: date
-
netflow.min_flow_start_milliseconds -
type: date
-
netflow.min_flow_start_nanoseconds -
type: date
-
netflow.collector_certificate -
type: short
-
netflow.exporter_certificate -
type: short
-
netflow.data_records_reliability -
type: boolean
-
netflow.observation_point_type -
type: short
-
netflow.new_connection_delta_count -
type: long
-
netflow.connection_sum_duration_seconds -
type: long
-
netflow.connection_transaction_id -
type: long
-
netflow.post_nast_ource_ipv6_address -
type: ip
-
netflow.post_nadt_estination_ipv6_address -
type: ip
-
netflow.nat_pool_id -
type: long
-
netflow.nat_pool_name -
type: keyword
-
netflow.anonymization_flags -
type: integer
-
netflow.anonymization_technique -
type: integer
-
netflow.information_element_index -
type: integer
-
netflow.p2p_technology -
type: keyword
-
netflow.tunnel_technology -
type: keyword
-
netflow.encrypted_technology -
type: keyword
-
netflow.bgp_validity_state -
type: short
-
netflow.ip_sec_spi -
type: long
-
netflow.gre_key -
type: long
-
netflow.nat_type -
type: short
-
netflow.initiator_packets -
type: long
-
netflow.responder_packets -
type: long
-
netflow.observation_domain_name -
type: keyword
-
netflow.selection_sequence_id -
type: long
-
netflow.selector_id -
type: long
-
netflow.information_element_id -
type: integer
-
netflow.selector_algorithm -
type: integer
-
netflow.sampling_packet_interval -
type: long
-
netflow.sampling_packet_space -
type: long
-
netflow.sampling_time_interval -
type: long
-
netflow.sampling_time_space -
type: long
-
netflow.sampling_size -
type: long
-
netflow.sampling_population -
type: long
-
netflow.sampling_probability -
type: double
-
netflow.data_link_frame_size -
type: integer
-
netflow.ip_header_packet_section -
type: short
-
netflow.ip_payload_packet_section -
type: short
-
netflow.data_link_frame_section -
type: short
-
netflow.mpls_label_stack_section -
type: short
-
netflow.mpls_payload_packet_section -
type: short
-
netflow.selector_id_total_pkts_observed -
type: long
-
netflow.selector_id_total_pkts_selected -
type: long
-
netflow.absolute_error -
type: double
-
netflow.relative_error -
type: double
-
netflow.observation_time_seconds -
type: date
-
netflow.observation_time_milliseconds -
type: date
-
netflow.observation_time_microseconds -
type: date
-
netflow.observation_time_nanoseconds -
type: date
-
netflow.digest_hash_value -
type: long
-
netflow.hash_ipp_ayload_offset -
type: long
-
netflow.hash_ipp_ayload_size -
type: long
-
netflow.hash_output_range_min -
type: long
-
netflow.hash_output_range_max -
type: long
-
netflow.hash_selected_range_min -
type: long
-
netflow.hash_selected_range_max -
type: long
-
netflow.hash_digest_output -
type: boolean
-
netflow.hash_initialiser_value -
type: long
-
netflow.selector_name -
type: keyword
-
netflow.upper_cli_imit -
type: double
-
netflow.lower_cli_imit -
type: double
-
netflow.confidence_level -
type: double
-
netflow.information_element_data_type -
type: short
-
netflow.information_element_description -
type: keyword
-
netflow.information_element_name -
type: keyword
-
netflow.information_element_range_begin -
type: long
-
netflow.information_element_range_end -
type: long
-
netflow.information_element_semantics -
type: short
-
netflow.information_element_units -
type: integer
-
netflow.private_enterprise_number -
type: long
-
netflow.virtual_station_interface_id -
type: short
-
netflow.virtual_station_interface_name -
type: keyword
-
netflow.virtual_station_uuid -
type: short
-
netflow.virtual_station_name -
type: keyword
-
netflow.layer2_segment_id -
type: long
-
netflow.layer2_octet_delta_count -
type: long
-
netflow.layer2_octet_total_count -
type: long
-
netflow.ingress_unicast_packet_total_count -
type: long
-
netflow.ingress_multicast_packet_total_count -
type: long
-
netflow.ingress_broadcast_packet_total_count -
type: long
-
netflow.egress_unicast_packet_total_count -
type: long
-
netflow.egress_broadcast_packet_total_count -
type: long
-
netflow.monitoring_interval_start_milli_seconds -
type: date
-
netflow.monitoring_interval_end_milli_seconds -
type: date
-
netflow.port_range_start -
type: integer
-
netflow.port_range_end -
type: integer
-
netflow.port_range_step_size -
type: integer
-
netflow.port_range_num_ports -
type: integer
-
netflow.sta_mac_address -
type: keyword
-
netflow.sta_ipv4_address -
type: ip
-
netflow.wtp_mac_address -
type: keyword
-
netflow.ingress_interface_type -
type: long
-
netflow.egress_interface_type -
type: long
-
netflow.rtp_sequence_number -
type: integer
-
netflow.user_name -
type: keyword
-
netflow.application_category_name -
type: keyword
-
netflow.application_sub_category_name -
type: keyword
-
netflow.application_group_name -
type: keyword
-
netflow.original_flows_present -
type: long
-
netflow.original_flows_initiated -
type: long
-
netflow.original_flows_completed -
type: long
-
netflow.distinct_count_of_sourc_eipa_ddress -
type: long
-
netflow.distinct_count_of_destinatio_nipa_ddress -
type: long
-
netflow.distinct_count_of_source_ipv4_address -
type: long
-
netflow.distinct_count_of_destination_ipv4_address -
type: long
-
netflow.distinct_count_of_source_ipv6_address -
type: long
-
netflow.distinct_count_of_destination_ipv6_address -
type: long
-
netflow.value_distribution_method -
type: short
-
netflow.rfc3550_jitter_milliseconds -
type: long
-
netflow.rfc3550_jitter_microseconds -
type: long
-
netflow.rfc3550_jitter_nanoseconds -
type: long
-
netflow.dot1q_dei -
type: boolean
-
netflow.dot1q_customer_dei -
type: boolean
-
netflow.flow_selector_algorithm -
type: integer
-
netflow.flow_selected_octet_delta_count -
type: long
-
netflow.flow_selected_packet_delta_count -
type: long
-
netflow.flow_selected_flow_delta_count -
type: long
-
netflow.selector_itd_otal_flows_observed -
type: long
-
netflow.selector_itd_otal_flows_selected -
type: long
-
netflow.sampling_flow_interval -
type: long
-
netflow.sampling_flow_spacing -
type: long
-
netflow.flow_sampling_time_interval -
type: long
-
netflow.flow_sampling_time_spacing -
type: long
-
netflow.hash_flow_domain -
type: integer
-
netflow.transport_octet_delta_count -
type: long
-
netflow.transport_packet_delta_count -
type: long
-
netflow.original_exporter_ipv4_address -
type: ip
-
netflow.original_exporter_ipv6_address -
type: ip
-
netflow.original_observation_domain_id -
type: long
-
netflow.intermediate_process_id -
type: long
-
netflow.ignored_data_record_total_count -
type: long
-
netflow.data_link_frame_type -
type: integer
-
netflow.section_offset -
type: integer
-
netflow.section_exported_octets -
type: integer
-
netflow.dot1q_service_instance_tag -
type: short
-
netflow.dot1q_service_instance_id -
type: long
-
netflow.dot1q_service_instance_priority -
type: short
-
netflow.dot1q_customer_source_mac_address -
type: keyword
-
netflow.dot1q_customer_destination_mac_address -
type: keyword
-
netflow.post_layer2_octet_delta_count -
type: long
-
netflow.post_mcast_layer2_octet_delta_count -
type: long
-
netflow.post_layer2_octet_total_count -
type: long
-
netflow.post_mcast_layer2_octet_total_count -
type: long
-
netflow.minimum_layer2_total_length -
type: long
-
netflow.maximum_layer2_total_length -
type: long
-
netflow.dropped_layer2_octet_delta_count -
type: long
-
netflow.dropped_layer2_octet_total_count -
type: long
-
netflow.ignored_layer2_octet_total_count -
type: long
-
netflow.not_sent_layer2_octet_total_count -
type: long
-
netflow.layer2_octet_delta_sum_of_squares -
type: long
-
netflow.layer2_octet_total_sum_of_squares -
type: long
-
netflow.layer2_frame_delta_count -
type: long
-
netflow.layer2_frame_total_count -
type: long
-
netflow.pseudo_wire_destination_ipv4_address -
type: ip
-
netflow.ignored_layer2_frame_total_count -
type: long
-
netflow.mib_object_value_integer -
type: integer
-
netflow.mib_object_value_octet_string -
type: short
-
netflow.mib_object_value_oid -
type: short
-
netflow.mib_object_value_bits -
type: short
-
netflow.mib_object_valuei_pa_ddress -
type: ip
-
netflow.mib_object_value_counter -
type: long
-
netflow.mib_object_value_gauge -
type: long
-
netflow.mib_object_value_time_ticks -
type: long
-
netflow.mib_object_value_unsigned -
type: long
-
netflow.mib_object_identifier -
type: short
-
netflow.mib_sub_identifier -
type: long
-
netflow.mib_index_indicator -
type: long
-
netflow.mib_capture_time_semantics -
type: short
-
netflow.mib_context_engine_id -
type: short
-
netflow.mib_context_name -
type: keyword
-
netflow.mib_object_name -
type: keyword
-
netflow.mib_object_description -
type: keyword
-
netflow.mib_object_syntax -
type: keyword
-
netflow.mib_module_name -
type: keyword
-
netflow.mobile_imsi -
type: keyword
-
netflow.mobile_msisdn -
type: keyword
-
netflow.http_status_code -
type: integer
-
netflow.source_transport_ports_limit -
type: integer
-
netflow.http_request_method -
type: keyword
-
netflow.http_request_host -
type: keyword
-
netflow.http_request_target -
type: keyword
-
netflow.http_message_version -
type: keyword
-
netflow.nat_instance_id -
type: long
-
netflow.internal_address_realm -
type: short
-
netflow.external_address_realm -
type: short
-
netflow.nat_quota_exceeded_event -
type: long
-
netflow.nat_threshold_event -
type: long
-
netflow.http_user_agent -
type: keyword
-
netflow.http_content_type -
type: keyword
-
netflow.http_reason_phrase -
type: keyword
-
netflow.max_session_entries -
type: long
-
netflow.max_bieb_ntries -
type: long
-
netflow.max_entries_per_user -
type: long
-
netflow.max_subscribers -
type: long
-
netflow.max_fragments_pending_reassembly -
type: long
-
netflow.address_pool_high_threshold -
type: long
-
netflow.address_pool_low_threshold -
type: long
-
netflow.address_port_mapping_high_threshold -
type: long
-
netflow.address_port_mapping_low_threshold -
type: long
-
netflow.address_port_mapping_per_user_high_threshold -
type: long
-
netflow.global_address_mapping_high_threshold -
type: long
-
netflow.vpn_identifier -
type: short