NetFlow fieldsedit

Fields from NetFlow and IPFIX flows.

netflow fieldsedit

Fields from NetFlow and IPFIX.

netflow.type

type: keyword

The type of NetFlow record described by this event.

exporter fieldsedit

Metadata related to the exporter device that generated this record.

netflow.exporter.address

type: keyword

Exporter’s network address in IP:port format.

netflow.exporter.source_id

type: long

Observation domain ID to which this record belongs.

netflow.exporter.timestamp

type: date

Time and date of export.

netflow.exporter.uptime_millis

type: long

How long the exporter process has been running, in milliseconds.

netflow.exporter.version

type: long

NetFlow version used.

netflow.octet_delta_count
type: long
netflow.packet_delta_count
type: long
netflow.delta_flow_count
type: long
netflow.protocol_identifier
type: short
netflow.ip_class_of_service
type: short
netflow.tcp_control_bits
type: integer
netflow.source_transport_port
type: integer
netflow.source_ipv4_address
type: ip
netflow.source_ipv4_prefix_length
type: short
netflow.ingress_interface
type: long
netflow.destination_transport_port
type: integer
netflow.destination_ipv4_address
type: ip
netflow.destination_ipv4_prefix_length
type: short
netflow.egress_interface
type: long
netflow.ip_next_hop_ipv4_address
type: ip
netflow.bgp_source_as_number
type: long
netflow.bgp_destination_as_number
type: long
netflow.bgp_next_hop_ipv4_address
type: ip
netflow.post_mcast_packet_delta_count
type: long
netflow.post_mcast_octet_delta_count
type: long
netflow.flow_end_sys_up_time
type: long
netflow.flow_start_sys_up_time
type: long
netflow.post_octet_delta_count
type: long
netflow.post_packet_delta_count
type: long
netflow.minimum_ip_total_length
type: long
netflow.maximum_ip_total_length
type: long
netflow.source_ipv6_address
type: ip
netflow.destination_ipv6_address
type: ip
netflow.source_ipv6_prefix_length
type: short
netflow.destination_ipv6_prefix_length
type: short
netflow.flow_label_ipv6
type: long
netflow.icmp_type_code_ipv4
type: integer
netflow.igmp_type
type: short
netflow.sampling_interval
type: long
netflow.sampling_algorithm
type: short
netflow.flow_active_timeout
type: integer
netflow.flow_idle_timeout
type: integer
netflow.engine_type
type: short
netflow.engine_id
type: short
netflow.exported_octet_total_count
type: long
netflow.exported_message_total_count
type: long
netflow.exported_flow_record_total_count
type: long
netflow.ipv4_router_sc
type: ip
netflow.source_ipv4_prefix
type: ip
netflow.destination_ipv4_prefix
type: ip
netflow.mpls_top_label_type
type: short
netflow.mpls_top_label_ipv4_address
type: ip
netflow.sampler_id
type: short
netflow.sampler_mode
type: short
netflow.sampler_random_interval
type: long
netflow.class_id
type: short
netflow.minimum_ttl
type: short
netflow.maximum_ttl
type: short
netflow.fragment_identification
type: long
netflow.post_ip_class_of_service
type: short
netflow.source_mac_address
type: keyword
netflow.post_destination_mac_address
type: keyword
netflow.vlan_id
type: integer
netflow.post_vlan_id
type: integer
netflow.ip_version
type: short
netflow.flow_direction
type: short
netflow.ip_next_hop_ipv6_address
type: ip
netflow.bgp_next_hop_ipv6_address
type: ip
netflow.ipv6_extension_headers
type: long
netflow.mpls_top_label_stack_section
type: short
netflow.mpls_label_stack_section2
type: short
netflow.mpls_label_stack_section3
type: short
netflow.mpls_label_stack_section4
type: short
netflow.mpls_label_stack_section5
type: short
netflow.mpls_label_stack_section6
type: short
netflow.mpls_label_stack_section7
type: short
netflow.mpls_label_stack_section8
type: short
netflow.mpls_label_stack_section9
type: short
netflow.mpls_label_stack_section10
type: short
netflow.destination_mac_address
type: keyword
netflow.post_source_mac_address
type: keyword
netflow.interface_name
type: keyword
netflow.interface_description
type: keyword
netflow.sampler_name
type: keyword
netflow.octet_total_count
type: long
netflow.packet_total_count
type: long
netflow.flags_and_sampler_id
type: long
netflow.fragment_offset
type: integer
netflow.forwarding_status
type: short
netflow.mpls_vpn_route_distinguisher
type: short
netflow.mpls_top_label_prefix_length
type: short
netflow.src_traffic_index
type: long
netflow.dst_traffic_index
type: long
netflow.application_description
type: keyword
netflow.application_id
type: short
netflow.application_name
type: keyword
netflow.post_ip_diff_serv_code_point
type: short
netflow.multicast_replication_factor
type: long
netflow.class_name
type: keyword
netflow.classification_engine_id
type: short
netflow.layer2packet_section_offset
type: integer
netflow.layer2packet_section_size
type: integer
netflow.layer2packet_section_data
type: short
netflow.bgp_next_adjacent_as_number
type: long
netflow.bgp_prev_adjacent_as_number
type: long
netflow.exporter_ipv4_address
type: ip
netflow.exporter_ipv6_address
type: ip
netflow.dropped_octet_delta_count
type: long
netflow.dropped_packet_delta_count
type: long
netflow.dropped_octet_total_count
type: long
netflow.dropped_packet_total_count
type: long
netflow.flow_end_reason
type: short
netflow.common_properties_id
type: long
netflow.observation_point_id
type: long
netflow.icmp_type_code_ipv6
type: integer
netflow.mpls_top_label_ipv6_address
type: ip
netflow.line_card_id
type: long
netflow.port_id
type: long
netflow.metering_process_id
type: long
netflow.exporting_process_id
type: long
netflow.template_id
type: integer
netflow.wlan_channel_id
type: short
netflow.wlan_ssid
type: keyword
netflow.flow_id
type: long
netflow.observation_domain_id
type: long
netflow.flow_start_seconds
type: date
netflow.flow_end_seconds
type: date
netflow.flow_start_milliseconds
type: date
netflow.flow_end_milliseconds
type: date
netflow.flow_start_microseconds
type: date
netflow.flow_end_microseconds
type: date
netflow.flow_start_nanoseconds
type: date
netflow.flow_end_nanoseconds
type: date
netflow.flow_start_delta_microseconds
type: long
netflow.flow_end_delta_microseconds
type: long
netflow.system_init_time_milliseconds
type: date
netflow.flow_duration_milliseconds
type: long
netflow.flow_duration_microseconds
type: long
netflow.observed_flow_total_count
type: long
netflow.ignored_packet_total_count
type: long
netflow.ignored_octet_total_count
type: long
netflow.not_sent_flow_total_count
type: long
netflow.not_sent_packet_total_count
type: long
netflow.not_sent_octet_total_count
type: long
netflow.destination_ipv6_prefix
type: ip
netflow.source_ipv6_prefix
type: ip
netflow.post_octet_total_count
type: long
netflow.post_packet_total_count
type: long
netflow.flow_key_indicator
type: long
netflow.post_mcast_packet_total_count
type: long
netflow.post_mcast_octet_total_count
type: long
netflow.icmp_type_ipv4
type: short
netflow.icmp_code_ipv4
type: short
netflow.icmp_type_ipv6
type: short
netflow.icmp_code_ipv6
type: short
netflow.udp_source_port
type: integer
netflow.udp_destination_port
type: integer
netflow.tcp_source_port
type: integer
netflow.tcp_destination_port
type: integer
netflow.tcp_sequence_number
type: long
netflow.tcp_acknowledgement_number
type: long
netflow.tcp_window_size
type: integer
netflow.tcp_urgent_pointer
type: integer
netflow.tcp_header_length
type: short
netflow.ip_header_length
type: short
netflow.total_length_ipv4
type: integer
netflow.payload_length_ipv6
type: integer
netflow.ip_ttl
type: short
netflow.next_header_ipv6
type: short
netflow.mpls_payload_length
type: long
netflow.ip_diff_serv_code_point
type: short
netflow.ip_precedence
type: short
netflow.fragment_flags
type: short
netflow.octet_delta_sum_of_squares
type: long
netflow.octet_total_sum_of_squares
type: long
netflow.mpls_top_label_ttl
type: short
netflow.mpls_label_stack_length
type: long
netflow.mpls_label_stack_depth
type: long
netflow.mpls_top_label_exp
type: short
netflow.ip_payload_length
type: long
netflow.udp_message_length
type: integer
netflow.is_multicast
type: short
netflow.ipv4_ihl
type: short
netflow.ipv4_options
type: long
netflow.tcp_options
type: long
netflow.padding_octets
type: short
netflow.collector_ipv4_address
type: ip
netflow.collector_ipv6_address
type: ip
netflow.export_interface
type: long
netflow.export_protocol_version
type: short
netflow.export_transport_protocol
type: short
netflow.collector_transport_port
type: integer
netflow.exporter_transport_port
type: integer
netflow.tcp_syn_total_count
type: long
netflow.tcp_fin_total_count
type: long
netflow.tcp_rst_total_count
type: long
netflow.tcp_psh_total_count
type: long
netflow.tcp_ack_total_count
type: long
netflow.tcp_urg_total_count
type: long
netflow.ip_total_length
type: long
netflow.post_nast_ource_ipv4_address
type: ip
netflow.post_nadt_estination_ipv4_address
type: ip
netflow.post_napst_ource_transport_port
type: integer
netflow.post_napdt_estination_transport_port
type: integer
netflow.nat_originating_address_realm
type: short
netflow.nat_event
type: short
netflow.initiator_octets
type: long
netflow.responder_octets
type: long
netflow.firewall_event
type: short
netflow.ingress_vrfid
type: long
netflow.egress_vrfid
type: long
netflow.vr_fname
type: keyword
netflow.post_mpls_top_label_exp
type: short
netflow.tcp_window_scale
type: integer
netflow.biflow_direction
type: short
netflow.ethernet_header_length
type: short
netflow.ethernet_payload_length
type: integer
netflow.ethernet_total_length
type: integer
netflow.dot1q_vlan_id
type: integer
netflow.dot1q_priority
type: short
netflow.dot1q_customer_vlan_id
type: integer
netflow.dot1q_customer_priority
type: short
netflow.metro_evc_id
type: keyword
netflow.metro_evc_type
type: short
netflow.pseudo_wire_id
type: long
netflow.pseudo_wire_type
type: integer
netflow.pseudo_wire_control_word
type: long
netflow.ingress_physical_interface
type: long
netflow.egress_physical_interface
type: long
netflow.post_dot1q_vlan_id
type: integer
netflow.post_dot1q_customer_vlan_id
type: integer
netflow.ethernet_type
type: integer
netflow.post_ip_precedence
type: short
netflow.collection_time_milliseconds
type: date
netflow.export_sctp_stream_id
type: integer
netflow.max_export_seconds
type: date
netflow.max_flow_end_seconds
type: date
netflow.message_md5_checksum
type: short
netflow.message_scope
type: short
netflow.min_export_seconds
type: date
netflow.min_flow_start_seconds
type: date
netflow.opaque_octets
type: short
netflow.session_scope
type: short
netflow.max_flow_end_microseconds
type: date
netflow.max_flow_end_milliseconds
type: date
netflow.max_flow_end_nanoseconds
type: date
netflow.min_flow_start_microseconds
type: date
netflow.min_flow_start_milliseconds
type: date
netflow.min_flow_start_nanoseconds
type: date
netflow.collector_certificate
type: short
netflow.exporter_certificate
type: short
netflow.data_records_reliability
type: boolean
netflow.observation_point_type
type: short
netflow.new_connection_delta_count
type: long
netflow.connection_sum_duration_seconds
type: long
netflow.connection_transaction_id
type: long
netflow.post_nast_ource_ipv6_address
type: ip
netflow.post_nadt_estination_ipv6_address
type: ip
netflow.nat_pool_id
type: long
netflow.nat_pool_name
type: keyword
netflow.anonymization_flags
type: integer
netflow.anonymization_technique
type: integer
netflow.information_element_index
type: integer
netflow.p2p_technology
type: keyword
netflow.tunnel_technology
type: keyword
netflow.encrypted_technology
type: keyword
netflow.bgp_validity_state
type: short
netflow.ip_sec_spi
type: long
netflow.gre_key
type: long
netflow.nat_type
type: short
netflow.initiator_packets
type: long
netflow.responder_packets
type: long
netflow.observation_domain_name
type: keyword
netflow.selection_sequence_id
type: long
netflow.selector_id
type: long
netflow.information_element_id
type: integer
netflow.selector_algorithm
type: integer
netflow.sampling_packet_interval
type: long
netflow.sampling_packet_space
type: long
netflow.sampling_time_interval
type: long
netflow.sampling_time_space
type: long
netflow.sampling_size
type: long
netflow.sampling_population
type: long
netflow.sampling_probability
type: double
netflow.data_link_frame_size
type: integer
netflow.ip_header_packet_section
type: short
netflow.ip_payload_packet_section
type: short
netflow.data_link_frame_section
type: short
netflow.mpls_label_stack_section
type: short
netflow.mpls_payload_packet_section
type: short
netflow.selector_id_total_pkts_observed
type: long
netflow.selector_id_total_pkts_selected
type: long
netflow.absolute_error
type: double
netflow.relative_error
type: double
netflow.observation_time_seconds
type: date
netflow.observation_time_milliseconds
type: date
netflow.observation_time_microseconds
type: date
netflow.observation_time_nanoseconds
type: date
netflow.digest_hash_value
type: long
netflow.hash_ipp_ayload_offset
type: long
netflow.hash_ipp_ayload_size
type: long
netflow.hash_output_range_min
type: long
netflow.hash_output_range_max
type: long
netflow.hash_selected_range_min
type: long
netflow.hash_selected_range_max
type: long
netflow.hash_digest_output
type: boolean
netflow.hash_initialiser_value
type: long
netflow.selector_name
type: keyword
netflow.upper_cli_imit
type: double
netflow.lower_cli_imit
type: double
netflow.confidence_level
type: double
netflow.information_element_data_type
type: short
netflow.information_element_description
type: keyword
netflow.information_element_name
type: keyword
netflow.information_element_range_begin
type: long
netflow.information_element_range_end
type: long
netflow.information_element_semantics
type: short
netflow.information_element_units
type: integer
netflow.private_enterprise_number
type: long
netflow.virtual_station_interface_id
type: short
netflow.virtual_station_interface_name
type: keyword
netflow.virtual_station_uuid
type: short
netflow.virtual_station_name
type: keyword
netflow.layer2_segment_id
type: long
netflow.layer2_octet_delta_count
type: long
netflow.layer2_octet_total_count
type: long
netflow.ingress_unicast_packet_total_count
type: long
netflow.ingress_multicast_packet_total_count
type: long
netflow.ingress_broadcast_packet_total_count
type: long
netflow.egress_unicast_packet_total_count
type: long
netflow.egress_broadcast_packet_total_count
type: long
netflow.monitoring_interval_start_milli_seconds
type: date
netflow.monitoring_interval_end_milli_seconds
type: date
netflow.port_range_start
type: integer
netflow.port_range_end
type: integer
netflow.port_range_step_size
type: integer
netflow.port_range_num_ports
type: integer
netflow.sta_mac_address
type: keyword
netflow.sta_ipv4_address
type: ip
netflow.wtp_mac_address
type: keyword
netflow.ingress_interface_type
type: long
netflow.egress_interface_type
type: long
netflow.rtp_sequence_number
type: integer
netflow.user_name
type: keyword
netflow.application_category_name
type: keyword
netflow.application_sub_category_name
type: keyword
netflow.application_group_name
type: keyword
netflow.original_flows_present
type: long
netflow.original_flows_initiated
type: long
netflow.original_flows_completed
type: long
netflow.distinct_count_of_sourc_eipa_ddress
type: long
netflow.distinct_count_of_destinatio_nipa_ddress
type: long
netflow.distinct_count_of_source_ipv4_address
type: long
netflow.distinct_count_of_destination_ipv4_address
type: long
netflow.distinct_count_of_source_ipv6_address
type: long
netflow.distinct_count_of_destination_ipv6_address
type: long
netflow.value_distribution_method
type: short
netflow.rfc3550_jitter_milliseconds
type: long
netflow.rfc3550_jitter_microseconds
type: long
netflow.rfc3550_jitter_nanoseconds
type: long
netflow.dot1q_dei
type: boolean
netflow.dot1q_customer_dei
type: boolean
netflow.flow_selector_algorithm
type: integer
netflow.flow_selected_octet_delta_count
type: long
netflow.flow_selected_packet_delta_count
type: long
netflow.flow_selected_flow_delta_count
type: long
netflow.selector_itd_otal_flows_observed
type: long
netflow.selector_itd_otal_flows_selected
type: long
netflow.sampling_flow_interval
type: long
netflow.sampling_flow_spacing
type: long
netflow.flow_sampling_time_interval
type: long
netflow.flow_sampling_time_spacing
type: long
netflow.hash_flow_domain
type: integer
netflow.transport_octet_delta_count
type: long
netflow.transport_packet_delta_count
type: long
netflow.original_exporter_ipv4_address
type: ip
netflow.original_exporter_ipv6_address
type: ip
netflow.original_observation_domain_id
type: long
netflow.intermediate_process_id
type: long
netflow.ignored_data_record_total_count
type: long
netflow.data_link_frame_type
type: integer
netflow.section_offset
type: integer
netflow.section_exported_octets
type: integer
netflow.dot1q_service_instance_tag
type: short
netflow.dot1q_service_instance_id
type: long
netflow.dot1q_service_instance_priority
type: short
netflow.dot1q_customer_source_mac_address
type: keyword
netflow.dot1q_customer_destination_mac_address
type: keyword
netflow.post_layer2_octet_delta_count
type: long
netflow.post_mcast_layer2_octet_delta_count
type: long
netflow.post_layer2_octet_total_count
type: long
netflow.post_mcast_layer2_octet_total_count
type: long
netflow.minimum_layer2_total_length
type: long
netflow.maximum_layer2_total_length
type: long
netflow.dropped_layer2_octet_delta_count
type: long
netflow.dropped_layer2_octet_total_count
type: long
netflow.ignored_layer2_octet_total_count
type: long
netflow.not_sent_layer2_octet_total_count
type: long
netflow.layer2_octet_delta_sum_of_squares
type: long
netflow.layer2_octet_total_sum_of_squares
type: long
netflow.layer2_frame_delta_count
type: long
netflow.layer2_frame_total_count
type: long
netflow.pseudo_wire_destination_ipv4_address
type: ip
netflow.ignored_layer2_frame_total_count
type: long
netflow.mib_object_value_integer
type: integer
netflow.mib_object_value_octet_string
type: short
netflow.mib_object_value_oid
type: short
netflow.mib_object_value_bits
type: short
netflow.mib_object_valuei_pa_ddress
type: ip
netflow.mib_object_value_counter
type: long
netflow.mib_object_value_gauge
type: long
netflow.mib_object_value_time_ticks
type: long
netflow.mib_object_value_unsigned
type: long
netflow.mib_object_identifier
type: short
netflow.mib_sub_identifier
type: long
netflow.mib_index_indicator
type: long
netflow.mib_capture_time_semantics
type: short
netflow.mib_context_engine_id
type: short
netflow.mib_context_name
type: keyword
netflow.mib_object_name
type: keyword
netflow.mib_object_description
type: keyword
netflow.mib_object_syntax
type: keyword
netflow.mib_module_name
type: keyword
netflow.mobile_imsi
type: keyword
netflow.mobile_msisdn
type: keyword
netflow.http_status_code
type: integer
netflow.source_transport_ports_limit
type: integer
netflow.http_request_method
type: keyword
netflow.http_request_host
type: keyword
netflow.http_request_target
type: keyword
netflow.http_message_version
type: keyword
netflow.nat_instance_id
type: long
netflow.internal_address_realm
type: short
netflow.external_address_realm
type: short
netflow.nat_quota_exceeded_event
type: long
netflow.nat_threshold_event
type: long
netflow.http_user_agent
type: keyword
netflow.http_content_type
type: keyword
netflow.http_reason_phrase
type: keyword
netflow.max_session_entries
type: long
netflow.max_bieb_ntries
type: long
netflow.max_entries_per_user
type: long
netflow.max_subscribers
type: long
netflow.max_fragments_pending_reassembly
type: long
netflow.address_pool_high_threshold
type: long
netflow.address_pool_low_threshold
type: long
netflow.address_port_mapping_high_threshold
type: long
netflow.address_port_mapping_low_threshold
type: long
netflow.address_port_mapping_per_user_high_threshold
type: long
netflow.global_address_mapping_high_threshold
type: long
netflow.vpn_identifier
type: short