diff --git a/packages/netflow/_dev/deploy/docker/docker-compose.yml b/packages/netflow/_dev/deploy/docker/docker-compose.yml
new file mode 100644
index 00000000000..7e5b552e64a
--- /dev/null
+++ b/packages/netflow/_dev/deploy/docker/docker-compose.yml
@@ -0,0 +1,7 @@
+version: '2.3'
+services:
+ netflow-log-netflow:
+ image: akroh/stream:v0.0.1
+ volumes:
+ - ./sample_logs:/sample_logs:ro
+ command: pcap --start-signal=SIGHUP --delay=5s --addr elastic-agent:2055 -p=udp /sample_logs/ipfix_cisco.pcap
diff --git a/packages/netflow/_dev/deploy/docker/sample_logs/ipfix_cisco.pcap b/packages/netflow/_dev/deploy/docker/sample_logs/ipfix_cisco.pcap
new file mode 100644
index 00000000000..365e936d2ea
Binary files /dev/null and b/packages/netflow/_dev/deploy/docker/sample_logs/ipfix_cisco.pcap differ
diff --git a/packages/netflow/data_stream/log/_dev/test/system/test-netflow-config.yml b/packages/netflow/data_stream/log/_dev/test/system/test-netflow-config.yml
new file mode 100644
index 00000000000..d55e2268d3c
--- /dev/null
+++ b/packages/netflow/data_stream/log/_dev/test/system/test-netflow-config.yml
@@ -0,0 +1,9 @@
+service: netflow-log-netflow
+service_notify_signal: SIGHUP
+input: netflow
+data_stream:
+ vars:
+ host: 0.0.0.0
+ port: 2055
+numeric_keyword_fields:
+ - network.iana_number
diff --git a/packages/netflow/data_stream/log/fields/package-fields.yml b/packages/netflow/data_stream/log/fields/package-fields.yml
index 0947535c027..df1080f362f 100644
--- a/packages/netflow/data_stream/log/fields/package-fields.yml
+++ b/packages/netflow/data_stream/log/fields/package-fields.yml
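Review bot: The `image: akroh/stream:v0.0.1` line in docker-compose.yml pulls the replay tool by tag only, from what appears to be an individual's registry namespace, and a tag can be repointed without this file ever changing. Pinning the digest next to the tag, `image: akroh/stream:v0.0.1@sha256:<digest-of-the-reviewed-image>` (placeholder; the digest is not on this page), keeps the system test reproducible and ensures CI runs the image that was actually reviewed. The read-only `:ro` mount of `./sample_logs` is already the right choice for fixture data.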
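Review bot: `host: 0.0.0.0` in test-netflow-config.yml carries no comment saying that the wildcard bind is a test-only choice. It is needed here so the replay container can reach the listener at `elastic-agent:2055` (see the compose `command`), but the input receives flow records over UDP (`-p=udp`), which carry no sender authentication. The same value copied into a real policy would therefore accept records from any host that can reach the port. I would add `# test only: wildcard bind so the stream container can reach the agent; restrict the listen address or firewall the port elsewhere` above `host`.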
@@ -947,3 +947,1781 @@ type: long - name: vpn_identifier type: short + - name: initial_tcp_flags + type: short + - name: union_tcp_flags + type: short + - name: payload + type: keyword + - name: reverse_flow_delta_milliseconds + type: long + - name: silk_app_label + type: integer + - name: payload_entropy + type: short + - name: os_name + type: keyword + - name: os_version + type: keyword + - name: first_packet_banner + type: keyword + - name: second_packet_banner + type: keyword + - name: flow_attributes + type: integer + - name: expired_fragment_count + type: long + - name: assembled_fragment_count + type: long + - name: mean_flow_rate + type: long + - name: mean_packet_rate + type: long + - name: flow_table_flush_event_count + type: long + - name: flow_table_peak_count + type: long + - name: os_finger_print + type: keyword + - name: tftp_filename + type: keyword + - name: tftp_mode + type: keyword + - name: dns_query_response + type: short + - name: dns_qr_type + type: integer + - name: dns_authoritative + type: short + - name: dns_nx_domain + type: short + - name: dns_rr_section + type: short + - name: dns_qname + type: keyword + - name: dns_cname + type: keyword + - name: dns_mx_preference + type: integer + - name: dns_mx_exchange + type: keyword + - name: dns_nsd_name + type: keyword + - name: dns_ptrd_name + type: keyword + - name: ssl_cipher + type: keyword + - name: ssl_client_version + type: short + - name: ssl_server_cipher + type: long + - name: ssl_compression_method + type: short + - name: ssl_cert_version + type: short + - name: ssl_cert_signature + type: keyword + - name: dns_ttl + type: long + - name: dns_txt_data + type: keyword + - name: dns_soa_serial + type: long + - name: dns_soa_refresh + type: long + - name: dns_soa_retry + type: long + - name: dns_soa_expire + type: long + - name: dns_soa_minimum + type: long + - name: dns_soam_name + type: keyword + - name: dns_soar_name + type: keyword + - name: dns_srv_priority + type: integer + - name: 
dns_srv_weight + type: integer + - name: dns_srv_port + type: integer + - name: dns_srv_target + type: integer + - name: tcp_urg_total_count + type: long + - name: dns_id + type: integer + - name: ssl_cert_serial_number + type: keyword + - name: ssl_object_type + type: keyword + - name: ssl_object_value + type: keyword + - name: ssl_cert_validity_not_before + type: keyword + - name: ssl_cert_validity_not_after + type: keyword + - name: ssl_public_key_algorithm + type: keyword + - name: ssl_public_key_length + type: keyword + - name: rtp_payload_type + type: short + - name: reverse_rtp_payload_type + type: short + - name: mptcp_initial_data_sequence_number + type: long + - name: mptcp_receiver_token + type: long + - name: mptcp_maximum_segment_size + type: integer + - name: mptcp_address_id + type: short + - name: mptcp_flags + type: short + - name: ssl_server_name + type: keyword + - name: ssl_certificate_hash + type: keyword + - name: small_packet_count + type: long + - name: non_empty_packet_count + type: long + - name: data_byte_count + type: long + - name: average_interarrival_time + type: long + - name: standard_deviation_interarrival_time + type: long + - name: first_non_empty_packet_size + type: integer + - name: max_packet_size + type: integer + - name: first_eight_non_empty_packet_directions + type: short + - name: standard_deviation_payload_length + type: short + - name: large_packet_count + type: long + - name: reverse_initial_tcp_flags + type: short + - name: reverse_union_tcp_flags + type: short + - name: reverse_payload + type: keyword + - name: reverse_payload_entropy + type: short + - name: reverse_os_name + type: keyword + - name: reverse_os_version + type: keyword + - name: reverse_first_packet_banner + type: keyword + - name: reverse_second_packet_banner + type: keyword + - name: reverse_flow_attributes + type: integer + - name: reverse_os_finger_print + type: keyword + - name: reverse_rtp_payload_type + type: short + - name: 
reverse_small_packet_count + type: long + - name: reverse_non_empty_packet_count + type: long + - name: reverse_data_byte_count + type: long + - name: reverse_average_interarrival_time + type: long + - name: reverse_standard_deviation_interarrival_time + type: long + - name: reverse_first_non_empty_packet_size + type: integer + - name: reverse_max_packet_size + type: integer + - name: reverse_standard_deviation_payload_length + type: integer + - name: reverse_large_packet_count + type: long + - name: policy_qos_classification_hierarchy + type: long + - name: waasoptimization_segment + type: short + - name: art_clientpackets + type: long + - name: art_serverpackets + type: long + - name: art_count_retransmissions + type: long + - name: art_count_transactions + type: long + - name: art_total_transaction_time_sum + type: long + - name: art_total_transaction_time_maximum + type: long + - name: art_total_transaction_time_minimum + type: long + - name: art_count_new_connections + type: long + - name: art_count_responses + type: long + - name: art_count_responses_histogram_bucket1 + type: long + - name: art_count_responses_histogram_bucket2 + type: long + - name: art_count_responses_histogram_bucket3 + type: long + - name: art_count_responses_histogram_bucket4 + type: long + - name: art_count_responses_histogram_bucket5 + type: long + - name: art_count_responses_histogram_bucket6 + type: long + - name: art_count_responses_histogram_bucket7 + type: long + - name: art_count_late_responses + type: long + - name: art_response_time_sum + type: long + - name: art_response_time_maximum + type: long + - name: art_response_time_minimum + type: long + - name: art_server_response_time_sum + type: long + - name: art_server_response_time_maximum + type: long + - name: art_server_response_time_minimum + type: long + - name: art_total_response_time_sum + type: long + - name: art_total_response_time_maximum + type: long + - name: art_total_response_time_minimum + type: long + - name: 
art_network_time_sum + type: long + - name: art_network_time_maximum + type: long + - name: art_network_time_minimum + type: long + - name: art_client_network_time_sum + type: long + - name: art_client_network_time_maximum + type: long + - name: art_client_network_time_minimum + type: long + - name: art_server_network_time_sum + type: long + - name: art_server_network_time_maximum + type: long + - name: art_server_network_time_minimum + type: long + - name: application_http_uri_statistics + type: short + - name: policy_qos_queueindex + type: long + - name: policy_qos_queue_index + type: long + - name: policy_qos_queuedrops + type: long + - name: application_category_name + type: long + - name: application_sub_category_name + type: long + - name: application_group_name + type: long + - name: application_http_user-agent + type: short + - name: application_traffic-class + type: long + - name: application_business-relevance + type: long + - name: timestamp_absolute_monitoring-interval + type: long + - name: netscaler_round_trip_time + type: long + - name: netscaler_transaction_id + type: long + - name: netscaler_http_req_url + type: keyword + - name: netscaler_http_req_cookie + type: keyword + - name: netscaler_flow_flags + type: long + - name: netscaler_connection_id + type: long + - name: netscaler_syslog_priority + type: short + - name: netscaler_syslog_message + type: keyword + - name: netscaler_syslog_timestamp + type: long + - name: netscaler_http_req_referer + type: keyword + - name: netscaler_http_req_method + type: keyword + - name: netscaler_http_req_host + type: keyword + - name: netscaler_http_req_user_agent + type: keyword + - name: netscaler_http_rsp_status + type: integer + - name: netscaler_http_rsp_len + type: long + - name: netscaler_server_ttfb + type: long + - name: netscaler_server_ttlb + type: long + - name: netscaler_app_name_incarnation_number + type: long + - name: netscaler_app_name_app_id + type: long + - name: netscaler_app_name + type: 
keyword + - name: netscaler_http_req_rcv_fb + type: long + - name: netscaler_http_req_forw_fb + type: long + - name: netscaler_http_res_rcv_fb + type: long + - name: netscaler_http_res_forw_fb + type: long + - name: netscaler_http_req_rcv_lb + type: long + - name: netscaler_http_req_forw_lb + type: long + - name: netscaler_main_page_id + type: long + - name: netscaler_main_page_core_id + type: long + - name: netscaler_http_client_interaction_start_time + type: keyword + - name: netscaler_http_client_render_end_time + type: keyword + - name: netscaler_http_client_render_start_time + type: keyword + - name: netscaler_app_template_name + type: keyword + - name: netscaler_http_client_interaction_end_time + type: keyword + - name: netscaler_http_res_rcv_lb + type: long + - name: netscaler_http_res_forw_lb + type: long + - name: netscaler_app_unit_name_app_id + type: long + - name: netscaler_db_login_flags + type: long + - name: netscaler_db_req_type + type: short + - name: netscaler_db_protocol_name + type: short + - name: netscaler_db_user_name + type: keyword + - name: netscaler_db_database_name + type: keyword + - name: netscaler_db_clt_host_name + type: keyword + - name: netscaler_db_req_string + type: keyword + - name: netscaler_db_resp_status_string + type: keyword + - name: netscaler_db_resp_status + type: long + - name: netscaler_db_resp_length + type: long + - name: netscaler_client_rtt + type: long + - name: netscaler_http_content_type + type: keyword + - name: netscaler_http_req_authorization + type: keyword + - name: netscaler_http_req_via + type: keyword + - name: netscaler_http_res_location + type: keyword + - name: netscaler_http_res_set_cookie + type: keyword + - name: netscaler_http_res_set_cookie2 + type: keyword + - name: netscaler_http_req_xforwarded_for + type: keyword + - name: netscaler_connection_chain_id + type: short + - name: netscaler_connection_chain_hop_count + type: long + - name: netscaler_ica_session_guid + type: short + - name: 
netscale_ica_client_version + type: keyword + - name: netscaler_ica_client_type + type: integer + - name: netscaler_ica_client_ip + type: ip + - name: netscaler_ica_client_host_name + type: keyword + - name: netscaler_aaa_username + type: keyword + - name: netscaler_ica_domain_name + type: keyword + - name: netscaler_ica_client_launcher + type: integer + - name: netscaler_ica_session_setup_time + type: long + - name: netscaler_ica_server_name + type: keyword + - name: netscaler_ica_session_reconnects + type: short + - name: netscaler_ica_rtt + type: long + - name: netscaler_ica_clientside_rx_bytes + type: long + - name: netscaler_ica_clientside_tx_bytes + type: long + - name: netscaler_ica_clientside_packets_retransmit + type: integer + - name: netscaler_ica_serverside_packets_retransmit + type: integer + - name: netscaler_ica_clientside_rtt + type: long + - name: netscaler_ica_serverside_rtt + type: long + - name: netscaler_ica_session_update_begin_sec + type: long + - name: netscaler_ica_session_update_end_sec + type: long + - name: netscaler_ica_channel_id1 + type: long + - name: netscaler_ica_channel_id1_bytes + type: long + - name: netscaler_ica_channel_id2 + type: long + - name: netscaler_ica_channel_id2_bytes + type: long + - name: netscaler_ica_channel_id3 + type: long + - name: netscaler_ica_channel_id3_bytes + type: long + - name: netscaler_ica_channel_id4 + type: long + - name: netscaler_ica_channel_id4_bytes + type: long + - name: netscaler_ica_channel_id5 + type: long + - name: netscaler_ica_channel_id5_bytes + type: long + - name: netscaler_ica_connection_priority + type: integer + - name: netscaler_application_startup_duration + type: long + - name: netscaler_ica_launch_mechanism + type: integer + - name: netscaler_ica_application_name + type: keyword + - name: netscaler_application_startup_time + type: long + - name: netscaler_ica_application_termination_type + type: integer + - name: netscaler_ica_application_termination_time + type: long + - name: 
netscaler_ica_session_end_time + type: long + - name: netscaler_ica_clientside_jitter + type: long + - name: netscaler_ica_serverside_jitter + type: long + - name: netscaler_ica_app_process_id + type: long + - name: netscaler_ica_app_module_path + type: keyword + - name: netscaler_ica_device_serial_no + type: long + - name: netscaler_msi_client_cookie + type: short + - name: netscaler_ica_flags + type: long + - name: netscaler_ica_username + type: keyword + - name: netscaler_license_type + type: short + - name: netscaler_max_license_count + type: long + - name: netscaler_current_license_consumed + type: long + - name: netscaler_ica_network_update_start_time + type: long + - name: netscaler_ica_network_update_end_time + type: long + - name: netscaler_ica_clientside_srtt + type: long + - name: netscaler_ica_serverside_srtt + type: long + - name: netscaler_ica_clientside_delay + type: long + - name: netscaler_ica_serverside_delay + type: long + - name: netscaler_ica_host_delay + type: long + - name: netscaler_ica_client_side_window_size + type: integer + - name: netscaler_ica_server_side_window_size + type: integer + - name: netscaler_ica_client_side_rto_count + type: integer + - name: netscaler_ica_server_side_rto_count + type: integer + - name: netscaler_ica_l7_client_latency + type: long + - name: netscaler_ica_l7_server_latency + type: long + - name: netscaler_http_domain_name + type: keyword + - name: netscaler_cache_redir_client_connection_core_id + type: long + - name: netscaler_cache_redir_client_connection_transaction_id + type: long + - name: netscaler_unknown270 + type: long + - name: netscaler_unknown271 + type: long + - name: netscaler_unknown272 + type: long + - name: netscaler_unknown273 + type: long + - name: netscaler_unknown274 + type: long + - name: netscaler_unknown275 + type: long + - name: netscaler_unknown276 + type: long + - name: netscaler_unknown277 + type: long + - name: netscaler_unknown278 + type: long + - name: netscaler_unknown279 + 
type: long + - name: netscaler_unknown280 + type: long + - name: netscaler_unknown281 + type: long + - name: netscaler_unknown282 + type: long + - name: netscaler_unknown283 + type: long + - name: netscaler_unknown284 + type: long + - name: netscaler_unknown285 + type: long + - name: netscaler_unknown286 + type: long + - name: netscaler_unknown287 + type: long + - name: netscaler_unknown288 + type: long + - name: netscaler_unknown289 + type: long + - name: netscaler_unknown290 + type: long + - name: netscaler_unknown291 + type: long + - name: netscaler_unknown292 + type: long + - name: netscaler_unknown293 + type: long + - name: netscaler_unknown294 + type: long + - name: netscaler_unknown295 + type: long + - name: netscaler_unknown296 + type: long + - name: netscaler_unknown297 + type: long + - name: netscaler_unknown298 + type: long + - name: netscaler_unknown299 + type: long + - name: netscaler_unknown300 + type: long + - name: netscaler_unknown301 + type: long + - name: netscaler_unknown302 + type: long + - name: netscaler_unknown303 + type: long + - name: netscaler_unknown304 + type: long + - name: netscaler_unknown305 + type: long + - name: netscaler_unknown306 + type: long + - name: netscaler_unknown307 + type: long + - name: netscaler_unknown308 + type: long + - name: netscaler_unknown309 + type: long + - name: netscaler_unknown310 + type: long + - name: netscaler_unknown311 + type: long + - name: netscaler_unknown312 + type: long + - name: netscaler_unknown313 + type: long + - name: netscaler_unknown314 + type: long + - name: netscaler_unknown315 + type: long + - name: netscaler_unknown316 + type: keyword + - name: netscaler_unknown317 + type: long + - name: netscaler_unknown318 + type: long + - name: netscaler_unknown319 + type: keyword + - name: netscaler_unknown320 + type: integer + - name: netscaler_unknown321 + type: long + - name: netscaler_unknown322 + type: long + - name: netscaler_unknown323 + type: integer + - name: netscaler_unknown324 + type: 
integer + - name: netscaler_unknown325 + type: integer + - name: netscaler_unknown326 + type: integer + - name: netscaler_unknown327 + type: long + - name: netscaler_unknown328 + type: integer + - name: netscaler_unknown329 + type: integer + - name: netscaler_unknown330 + type: integer + - name: netscaler_unknown331 + type: integer + - name: netscaler_unknown332 + type: long + - name: netscaler_unknown333 + type: keyword + - name: netscaler_unknown334 + type: keyword + - name: netscaler_unknown335 + type: long + - name: netscaler_unknown336 + type: long + - name: netscaler_unknown337 + type: long + - name: netscaler_unknown338 + type: long + - name: netscaler_unknown339 + type: long + - name: netscaler_unknown340 + type: long + - name: netscaler_unknown341 + type: long + - name: netscaler_unknown342 + type: long + - name: netscaler_unknown343 + type: long + - name: netscaler_unknown344 + type: long + - name: netscaler_unknown345 + type: long + - name: netscaler_unknown346 + type: long + - name: netscaler_unknown347 + type: long + - name: netscaler_unknown348 + type: integer + - name: netscaler_unknown349 + type: keyword + - name: netscaler_unknown350 + type: keyword + - name: netscaler_unknown351 + type: keyword + - name: netscaler_unknown352 + type: integer + - name: netscaler_unknown353 + type: long + - name: netscaler_unknown354 + type: long + - name: netscaler_unknown355 + type: long + - name: netscaler_unknown356 + type: long + - name: netscaler_unknown357 + type: long + - name: netscaler_unknown363 + type: short + - name: netscaler_unknown383 + type: short + - name: netscaler_unknown391 + type: long + - name: netscaler_unknown398 + type: long + - name: netscaler_unknown404 + type: long + - name: netscaler_unknown405 + type: long + - name: netscaler_unknown427 + type: long + - name: netscaler_unknown429 + type: short + - name: netscaler_unknown432 + type: short + - name: netscaler_unknown433 + type: short + - name: netscaler_unknown453 + type: long + - name: 
netscaler_unknown465 + type: long + - name: fw_ext_event + type: integer + - name: fw_event_level + type: long + - name: fw_event_level_id + type: long + - name: fw_configured_value + type: long + - name: fw_cts_src_sgt + type: long + - name: fw_ext_event_alt + type: long + - name: fw_blackout_secs + type: long + - name: fw_half_open_high + type: long + - name: fw_half_open_rate + type: long + - name: fw_zone_pair_id + type: long + - name: fw_max_sessions + type: long + - name: fw_zone_pair_name + type: long + - name: fw_ext_event_desc + type: keyword + - name: fw_summary_pkt_count + type: long + - name: fw_half_open_count + type: long + - name: username + type: keyword + - name: xlate_source_address_ip_v4 + type: ip + - name: xlate_destination_address_ip_v4 + type: ip + - name: xlate_source_port + type: integer + - name: xlate_destination_port + type: integer + - name: firewall_event + type: short + - name: nat_inside_svcid + type: integer + - name: nat_outside_svcid + type: integer + - name: nat_sub_string + type: keyword + - name: ixia_l7_app_id + type: long + - name: ixia_l7_app_name + type: keyword + - name: ixia_src_country_code + type: keyword + - name: ixia_src_country_name + type: keyword + - name: ixia_src_region_code + type: keyword + - name: ixia_src_region_name + type: keyword + - name: ixia_src_city_name + type: keyword + - name: ixia_src_latitude + type: float + - name: ixia_src_longitude + type: float + - name: ixia_dst_country_code + type: keyword + - name: ixia_dst_country_name + type: keyword + - name: ixia_dst_region_code + type: keyword + - name: ixia_dst_region_node + type: keyword + - name: ixia_dst_city_name + type: keyword + - name: ixia_dst_latitude + type: float + - name: ixia_dst_longitude + type: float + - name: ixia_device_id + type: short + - name: ixia_device_name + type: keyword + - name: ixia_browser_id + type: short + - name: ixia_browser_name + type: keyword + - name: ixia_rev_octet_delta_count + type: long + - name: 
ixia_rev_packet_delta_count + type: long + - name: ixia_encrypt_type + type: keyword + - name: ixia_encrypt_cipher + type: keyword + - name: ixia_encrypt_key_length + type: integer + - name: ixia_imsi_subscriber + type: keyword + - name: ixia_http_user_agent + type: keyword + - name: ixia_http_host_name + type: keyword + - name: ixia_http_uri + type: keyword + - name: ixia_dns_record_txt + type: keyword + - name: ixia_src_as_name + type: keyword + - name: ixia_dst_as_name + type: keyword + - name: ixia_latency + type: long + - name: ixia_dns_query + type: keyword + - name: ixia_dns_answer + type: keyword + - name: ixia_dns_classes + type: keyword + - name: ixia_threat_type + type: keyword + - name: ixia_threat_ipv4 + type: ip + - name: ixia_threat_ipv6 + type: ip + - name: vmware_tenant_protocol + type: short + - name: vmware_tenant_source_ipv4 + type: ip + - name: vmware_tenant_dest_ipv4 + type: ip + - name: vmware_tenant_source_ipv6 + type: ip + - name: vmware_tenant_dest_ipv6 + type: ip + - name: vmware_tenant_source_port + type: integer + - name: vmware_tenant_dest_port + type: integer + - name: vmware_egress_interface_attr + type: integer + - name: vmware_vxlan_export_role + type: short + - name: vmware_ingress_interface_attr + type: integer + - name: afc_protocol + type: integer + - name: afc_protocol_name + type: keyword + - name: flow_direction + type: short + - name: timestamp + type: long + - name: log_op + type: short + - name: traffic_type + type: short + - name: fw_rule + type: keyword + - name: service_name + type: keyword + - name: reason + type: long + - name: reason_text + type: keyword + - name: bind_ipv4_address + type: ip + - name: bind_transport_port + type: integer + - name: conn_ipv4_address + type: ip + - name: conn_transport_port + type: integer + - name: audit_counter + type: long + - name: timestamp + type: long + - name: log_op + type: short + - name: traffic_type + type: short + - name: fw_rule + type: keyword + - name: service_name + 
type: keyword + - name: reason + type: long + - name: reason_text + type: keyword + - name: bind_ipv4_address + type: ip + - name: bind_transport_port + type: integer + - name: conn_ipv4_address + type: ip + - name: conn_transport_port + type: integer + - name: audit_counter + type: long + - name: procera_service + type: keyword + - name: procera_base_service + type: keyword + - name: procera_incoming_octets + type: long + - name: procera_outgoing_octets + type: long + - name: procera_incoming_packets + type: long + - name: procera_outgoing_packets + type: long + - name: procera_incoming_shaping_latency + type: integer + - name: procera_outgoing_shaping_latency + type: integer + - name: procera_incoming_shaping_drops + type: long + - name: procera_outgoing_shaping_drops + type: long + - name: procera_internal_rtt + type: integer + - name: procera_external_rtt + type: integer + - name: procera_flow_behavior + type: keyword + - name: procera_content_categories + type: keyword + - name: procera_property + type: keyword + - name: procera_server_hostname + type: keyword + - name: procera_http_request_method + type: keyword + - name: procera_http_user_agent + type: keyword + - name: procera_http_content_type + type: keyword + - name: procera_http_url + type: keyword + - name: procera_http_referer + type: keyword + - name: procera_http_response_status + type: integer + - name: procera_http_file_length + type: long + - name: procera_http_location + type: keyword + - name: procera_http_language + type: keyword + - name: procera_subscriber_identifier + type: keyword + - name: procera_msisdn + type: long + - name: procera_imsi + type: long + - name: procera_rat + type: keyword + - name: procera_device_id + type: long + - name: procera_sgsn + type: keyword + - name: procera_rnc + type: integer + - name: procera_apn + type: keyword + - name: procera_user_location_information + type: keyword + - name: procera_ggsn + type: keyword + - name: procera_qoe_incoming_internal + type: 
float + - name: procera_qoe_incoming_external + type: float + - name: procera_qoe_outgoing_internal + type: float + - name: procera_qoe_outgoing_external + type: float + - name: procera_local_ipv4_host + type: ip + - name: procera_local_ipv6_host + type: ip + - name: procera_remote_ipv4_host + type: ip + - name: procera_remote_ipv6_host + type: ip + - name: procera_http_request_version + type: keyword + - name: procera_template_name + type: keyword + - name: mark + type: long + - name: conntrack_id + type: long + - name: reverse_octet_delta_count + type: long + - name: reverse_packet_delta_count + type: long + - name: reverse_delta_flow_count + type: long + - name: reverse_protocol_identifier + type: short + - name: reverse_ip_class_of_service + type: short + - name: reverse_tcp_control_bits + type: integer + - name: reverse_source_transport_port + type: integer + - name: reverse_source_ipv4_address + type: ip + - name: reverse_source_ipv4_prefix_length + type: short + - name: reverse_ingress_interface + type: long + - name: reverse_destination_transport_port + type: integer + - name: reverse_destination_ipv4_address + type: ip + - name: reverse_destination_ipv4_prefix_length + type: short + - name: reverse_egress_interface + type: long + - name: reverse_ip_next_hop_ipv4_address + type: ip + - name: reverse_bgp_source_as_number + type: long + - name: reverse_bgp_destination_as_number + type: long + - name: reverse_bgp_next_hop_ipv4_address + type: ip + - name: reverse_post_mcast_packet_delta_count + type: long + - name: reverse_post_mcast_octet_delta_count + type: long + - name: reverse_flow_end_sys_up_time + type: long + - name: reverse_flow_start_sys_up_time + type: long + - name: reverse_post_octet_delta_count + type: long + - name: reverse_post_packet_delta_count + type: long + - name: reverse_minimum_ip_total_length + type: long + - name: reverse_maximum_ip_total_length + type: long + - name: reverse_source_ipv6_address + type: ip + - name: 
reverse_destination_ipv6_address + type: ip + - name: reverse_source_ipv6_prefix_length + type: short + - name: reverse_destination_ipv6_prefix_length + type: short + - name: reverse_flow_label_ipv6 + type: long + - name: reverse_icmp_type_code_ipv4 + type: integer + - name: reverse_igmp_type + type: short + - name: reverse_sampling_interval + type: long + - name: reverse_sampling_algorithm + type: short + - name: reverse_flow_active_timeout + type: integer + - name: reverse_flow_idle_timeout + type: integer + - name: reverse_engine_type + type: short + - name: reverse_engine_id + type: short + - name: reverse_ipv4_router_sc + type: ip + - name: reverse_source_ipv4_prefix + type: ip + - name: reverse_destination_ipv4_prefix + type: ip + - name: reverse_mpls_top_label_type + type: short + - name: reverse_mpls_top_label_ipv4_address + type: ip + - name: reverse_sampler_id + type: short + - name: reverse_sampler_mode + type: short + - name: reverse_sampler_random_interval + type: long + - name: reverse_class_id + type: short + - name: reverse_minimum_ttl + type: short + - name: reverse_maximum_ttl + type: short + - name: reverse_fragment_identification + type: long + - name: reverse_post_ip_class_of_service + type: short + - name: reverse_source_mac_address + type: keyword + - name: reverse_post_destination_mac_address + type: keyword + - name: reverse_vlan_id + type: integer + - name: reverse_post_vlan_id + type: integer + - name: reverse_ip_version + type: short + - name: reverse_flow_direction + type: short + - name: reverse_ip_next_hop_ipv6_address + type: ip + - name: reverse_bgp_next_hop_ipv6_address + type: ip + - name: reverse_ipv6_extension_headers + type: long + - name: reverse_mpls_top_label_stack_section + type: keyword + - name: reverse_mpls_label_stack_section2 + type: keyword + - name: reverse_mpls_label_stack_section3 + type: keyword + - name: reverse_mpls_label_stack_section4 + type: keyword + - name: reverse_mpls_label_stack_section5 + type: keyword 
+ - name: reverse_mpls_label_stack_section6 + type: keyword + - name: reverse_mpls_label_stack_section7 + type: keyword + - name: reverse_mpls_label_stack_section8 + type: keyword + - name: reverse_mpls_label_stack_section9 + type: keyword + - name: reverse_mpls_label_stack_section10 + type: keyword + - name: reverse_destination_mac_address + type: keyword + - name: reverse_post_source_mac_address + type: keyword + - name: reverse_interface_name + type: keyword + - name: reverse_interface_description + type: keyword + - name: reverse_sampler_name + type: keyword + - name: reverse_octet_total_count + type: long + - name: reverse_packet_total_count + type: long + - name: reverse_flags_and_sampler_id + type: long + - name: reverse_fragment_offset + type: integer + - name: reverse_forwarding_status + type: long + - name: reverse_mpls_vpn_route_distinguisher + type: keyword + - name: reverse_mpls_top_label_prefix_length + type: short + - name: reverse_src_traffic_index + type: long + - name: reverse_dst_traffic_index + type: long + - name: reverse_application_description + type: keyword + - name: reverse_application_id + type: keyword + - name: reverse_application_name + type: keyword + - name: reverse_post_ip_diff_serv_code_point + type: short + - name: reverse_multicast_replication_factor + type: long + - name: reverse_class_name + type: keyword + - name: reverse_classification_engine_id + type: short + - name: reverse_layer2packet_section_offset + type: integer + - name: reverse_layer2packet_section_size + type: integer + - name: reverse_layer2packet_section_data + type: keyword + - name: reverse_bgp_next_adjacent_as_number + type: long + - name: reverse_bgp_prev_adjacent_as_number + type: long + - name: reverse_dropped_octet_delta_count + type: long + - name: reverse_dropped_packet_delta_count + type: long + - name: reverse_dropped_octet_total_count + type: long + - name: reverse_dropped_packet_total_count + type: long + - name: reverse_flow_end_reason + type: short 
+ - name: reverse_observation_point_id
+ type: long
+ - name: reverse_icmp_type_code_ipv6
+ type: integer
+ - name: reverse_mpls_top_label_ipv6_address
+ type: ip
+ - name: reverse_line_card_id
+ type: long
+ - name: reverse_port_id
+ type: long
+ - name: reverse_metering_process_id
+ type: long
+ - name: reverse_exporting_process_id
+ type: long
+ - name: reverse_wlan_channel_id
+ type: short
+ - name: reverse_wlan_ssid
+ type: keyword
+ - name: reverse_flow_start_seconds
+ type: long
+ - name: reverse_flow_end_seconds
+ type: long
+ - name: reverse_flow_start_milliseconds
+ type: long
+ - name: reverse_flow_end_milliseconds
+ type: long
+ - name: reverse_flow_start_microseconds
+ type: long
+ - name: reverse_flow_end_microseconds
+ type: long
+ - name: reverse_flow_start_nanoseconds
+ type: long
+ - name: reverse_flow_end_nanoseconds
+ type: long
+ - name: reverse_flow_start_delta_microseconds
+ type: long
+ - name: reverse_flow_end_delta_microseconds
+ type: long
+ - name: reverse_system_init_time_milliseconds
+ type: long
+ - name: reverse_flow_duration_milliseconds
+ type: long
+ - name: reverse_flow_duration_microseconds
+ type: long
+ - name: reverse_destination_ipv6_prefix
+ type: ip
+ - name: reverse_source_ipv6_prefix
+ type: ip
+ - name: reverse_post_octet_total_count
+ type: long
+ - name: reverse_post_packet_total_count
+ type: long
+ - name: reverse_post_mcast_packet_total_count
+ type: long
+ - name: reverse_post_mcast_octet_total_count
+ type: long
+ - name: reverse_icmp_type_ipv4
+ type: short
+ - name: reverse_icmp_code_ipv4
+ type: short
+ - name: reverse_icmp_type_ipv6
+ type: short
+ - name: reverse_icmp_code_ipv6
+ type: short
+ - name: reverse_udp_source_port
+ type: integer
+ - name: reverse_udp_destination_port
+ type: integer
+ - name: reverse_tcp_source_port
+ type: integer
+ - name: reverse_tcp_destination_port
+ type: integer
+ - name: reverse_tcp_sequence_number
+ type: long
+ - name: reverse_tcp_acknowledgement_number
+ type: long
+ - name: reverse_tcp_window_size
+ type: integer
+ - name: reverse_tcp_urgent_pointer
+ type: integer
+ - name: reverse_tcp_header_length
+ type: short
+ - name: reverse_ip_header_length
+ type: short
+ - name: reverse_total_length_ipv4
+ type: integer
+ - name: reverse_payload_length_ipv6
+ type: integer
+ - name: reverse_ip_ttl
+ type: short
+ - name: reverse_next_header_ipv6
+ type: short
+ - name: reverse_mpls_payload_length
+ type: long
+ - name: reverse_ip_diff_serv_code_point
+ type: short
+ - name: reverse_ip_precedence
+ type: short
+ - name: reverse_fragment_flags
+ type: short
+ - name: reverse_octet_delta_sum_of_squares
+ type: long
+ - name: reverse_octet_total_sum_of_squares
+ type: long
+ - name: reverse_mpls_top_label_ttl
+ type: short
+ - name: reverse_mpls_label_stack_length
+ type: long
+ - name: reverse_mpls_label_stack_depth
+ type: long
+ - name: reverse_mpls_top_label_exp
+ type: short
+ - name: reverse_ip_payload_length
+ type: long
+ - name: reverse_udp_message_length
+ type: integer
+ - name: reverse_is_multicast
+ type: short
+ - name: reverse_ipv4_ihl
+ type: short
+ - name: reverse_ipv4_options
+ type: long
+ - name: reverse_tcp_options
+ type: long
+ - name: reverse_tcp_syn_total_count
+ type: long
+ - name: reverse_tcp_fin_total_count
+ type: long
+ - name: reverse_tcp_rst_total_count
+ type: long
+ - name: reverse_tcp_psh_total_count
+ type: long
+ - name: reverse_tcp_ack_total_count
+ type: long
+ - name: reverse_tcp_urg_total_count
+ type: long
+ - name: reverse_ip_total_length
+ type: long
+ - name: reverse_post_nat_source_ipv4_address
+ type: ip
+ - name: reverse_post_nat_destination_ipv4_address
+ type: ip
+ - name: reverse_post_napt_source_transport_port
+ type: integer
+ - name: reverse_post_napt_destination_transport_port
+ type: integer
+ - name: reverse_nat_originating_address_realm
+ type: short
+ - name: reverse_nat_event
+ type: short
+ - name: reverse_initiator_octets
+ type: long
+ - name: reverse_responder_octets
+ type: long
+ - name: reverse_firewall_event
+ type: short
+ - name: reverse_ingress_vrfid
+ type: long
+ - name: reverse_egress_vrfid
+ type: long
+ - name: reverse_vr_fname
+ type: keyword
+ - name: reverse_post_mpls_top_label_exp
+ type: short
+ - name: reverse_tcp_window_scale
+ type: integer
+ - name: reverse_ethernet_header_length
+ type: short
+ - name: reverse_ethernet_payload_length
+ type: integer
+ - name: reverse_ethernet_total_length
+ type: integer
+ - name: reverse_dot1q_vlan_id
+ type: integer
+ - name: reverse_dot1q_priority
+ type: short
+ - name: reverse_dot1q_customer_vlan_id
+ type: integer
+ - name: reverse_dot1q_customer_priority
+ type: short
+ - name: reverse_metro_evc_id
+ type: keyword
+ - name: reverse_metro_evc_type
+ type: short
+ - name: reverse_pseudo_wire_id
+ type: long
+ - name: reverse_pseudo_wire_type
+ type: integer
+ - name: reverse_pseudo_wire_control_word
+ type: long
+ - name: reverse_ingress_physical_interface
+ type: long
+ - name: reverse_egress_physical_interface
+ type: long
+ - name: reverse_post_dot1q_vlan_id
+ type: integer
+ - name: reverse_post_dot1q_customer_vlan_id
+ type: integer
+ - name: reverse_ethernet_type
+ type: integer
+ - name: reverse_post_ip_precedence
+ type: short
+ - name: reverse_collection_time_milliseconds
+ type: long
+ - name: reverse_export_sctp_stream_id
+ type: integer
+ - name: reverse_max_export_seconds
+ type: long
+ - name: reverse_max_flow_end_seconds
+ type: long
+ - name: reverse_message_md5_checksum
+ type: keyword
+ - name: reverse_message_scope
+ type: short
+ - name: reverse_min_export_seconds
+ type: long
+ - name: reverse_min_flow_start_seconds
+ type: long
+ - name: reverse_opaque_octets
+ type: keyword
+ - name: reverse_session_scope
+ type: short
+ - name: reverse_max_flow_end_microseconds
+ type: long
+ - name: reverse_max_flow_end_milliseconds
+ type: long
+ - name: reverse_max_flow_end_nanoseconds
+ type: long
+ - name: reverse_min_flow_start_microseconds
+ type: long
+ - name: reverse_min_flow_start_milliseconds
+ type: long
+ - name: reverse_min_flow_start_nanoseconds
+ type: long
+ - name: reverse_collector_certificate
+ type: keyword
+ - name: reverse_exporter_certificate
+ type: keyword
+ - name: reverse_data_records_reliability
+ type: short
+ - name: reverse_observation_point_type
+ type: short
+ - name: reverse_new_connection_delta_count
+ type: long
+ - name: reverse_connection_sum_duration_seconds
+ type: long
+ - name: reverse_connection_transaction_id
+ type: long
+ - name: reverse_post_nat_source_ipv6_address
+ type: ip
+ - name: reverse_post_nat_destination_ipv6_address
+ type: ip
+ - name: reverse_nat_pool_id
+ type: long
+ - name: reverse_nat_pool_name
+ type: keyword
+ - name: reverse_anonymization_flags
+ type: integer
+ - name: reverse_anonymization_technique
+ type: integer
+ - name: reverse_information_element_index
+ type: integer
+ - name: reverse_p2p_technology
+ type: keyword
+ - name: reverse_tunnel_technology
+ type: keyword
+ - name: reverse_encrypted_technology
+ type: keyword
+ - name: reverse_bgp_validity_state
+ type: short
+ - name: reverse_ip_sec_spi
+ type: long
+ - name: reverse_gre_key
+ type: long
+ - name: reverse_nat_type
+ type: short
+ - name: reverse_initiator_packets
+ type: long
+ - name: reverse_responder_packets
+ type: long
+ - name: reverse_observation_domain_name
+ type: keyword
+ - name: reverse_selection_sequence_id
+ type: long
+ - name: reverse_selector_id
+ type: long
+ - name: reverse_information_element_id
+ type: integer
+ - name: reverse_selector_algorithm
+ type: integer
+ - name: reverse_sampling_packet_interval
+ type: long
+ - name: reverse_sampling_packet_space
+ type: long
+ - name: reverse_sampling_time_interval
+ type: long
+ - name: reverse_sampling_time_space
+ type: long
+ - name: reverse_sampling_size
+ type: long
+ - name: reverse_sampling_population
+ type: long
+ - name: reverse_sampling_probability
+ type: double
+ - name: reverse_data_link_frame_size
+ type: integer
+ - name: reverse_ip_header_packet_section
+ type: keyword
+ - name: reverse_ip_payload_packet_section
+ type: keyword
+ - name: reverse_data_link_frame_section
+ type: keyword
+ - name: reverse_mpls_label_stack_section
+ type: keyword
+ - name: reverse_mpls_payload_packet_section
+ type: keyword
+ - name: reverse_selector_id_total_pkts_observed
+ type: long
+ - name: reverse_selector_id_total_pkts_selected
+ type: long
+ - name: reverse_absolute_error
+ type: double
+ - name: reverse_relative_error
+ type: double
+ - name: reverse_observation_time_seconds
+ type: long
+ - name: reverse_observation_time_milliseconds
+ type: long
+ - name: reverse_observation_time_microseconds
+ type: long
+ - name: reverse_observation_time_nanoseconds
+ type: long
+ - name: reverse_digest_hash_value
+ type: long
+ - name: reverse_hash_ip_payload_offset
+ type: long
+ - name: reverse_hash_ip_payload_size
+ type: long
+ - name: reverse_hash_output_range_min
+ type: long
+ - name: reverse_hash_output_range_max
+ type: long
+ - name: reverse_hash_selected_range_min
+ type: long
+ - name: reverse_hash_selected_range_max
+ type: long
+ - name: reverse_hash_digest_output
+ type: short
+ - name: reverse_hash_initialiser_value
+ type: long
+ - name: reverse_selector_name
+ type: keyword
+ - name: reverse_upper_ci_limit
+ type: double
+ - name: reverse_lower_ci_limit
+ type: double
+ - name: reverse_confidence_level
+ type: double
+ - name: reverse_information_element_data_type
+ type: short
+ - name: reverse_information_element_description
+ type: keyword
+ - name: reverse_information_element_name
+ type: keyword
+ - name: reverse_information_element_range_begin
+ type: long
+ - name: reverse_information_element_range_end
+ type: long
+ - name: reverse_information_element_semantics
+ type: short
+ - name: reverse_information_element_units
+ type: integer
+ - name: reverse_private_enterprise_number
+ type: long
+ - name: reverse_virtual_station_interface_id
+ type: keyword
+ - name: reverse_virtual_station_interface_name
+ type: keyword
+ - name: reverse_virtual_station_uuid
+ type: keyword
+ - name: reverse_virtual_station_name
+ type: keyword
+ - name: reverse_layer2_segment_id
+ type: long
+ - name: reverse_layer2_octet_delta_count
+ type: long
+ - name: reverse_layer2_octet_total_count
+ type: long
+ - name: reverse_ingress_unicast_packet_total_count
+ type: long
+ - name: reverse_ingress_multicast_packet_total_count
+ type: long
+ - name: reverse_ingress_broadcast_packet_total_count
+ type: long
+ - name: reverse_egress_unicast_packet_total_count
+ type: long
+ - name: reverse_egress_broadcast_packet_total_count
+ type: long
+ - name: reverse_monitoring_interval_start_milli_seconds
+ type: long
+ - name: reverse_monitoring_interval_end_milli_seconds
+ type: long
+ - name: reverse_port_range_start
+ type: integer
+ - name: reverse_port_range_end
+ type: integer
+ - name: reverse_port_range_step_size
+ type: integer
+ - name: reverse_port_range_num_ports
+ type: integer
+ - name: reverse_sta_mac_address
+ type: keyword
+ - name: reverse_sta_ipv4_address
+ type: ip
+ - name: reverse_wtp_mac_address
+ type: keyword
+ - name: reverse_ingress_interface_type
+ type: long
+ - name: reverse_egress_interface_type
+ type: long
+ - name: reverse_rtp_sequence_number
+ type: integer
+ - name: reverse_user_name
+ type: keyword
+ - name: reverse_application_category_name
+ type: keyword
+ - name: reverse_application_sub_category_name
+ type: keyword
+ - name: reverse_application_group_name
+ type: keyword
+ - name: reverse_original_flows_present
+ type: long
+ - name: reverse_original_flows_initiated
+ type: long
+ - name: reverse_original_flows_completed
+ type: long
+ - name: reverse_distinct_count_of_source_ip_address
+ type: long
+ - name: reverse_distinct_count_of_destination_ip_address
+ type: long
+ - name: reverse_distinct_count_of_source_ipv4_address
+ type: long
+ - name: reverse_distinct_count_of_destination_ipv4_address
+ type: long
+ - name: reverse_distinct_count_of_source_ipv6_address
+ type: long
+ - name: reverse_distinct_count_of_destination_ipv6_address
+ type: long
+ - name: reverse_value_distribution_method
+ type: short
+ - name: reverse_rfc3550_jitter_milliseconds
+ type: long
+ - name: reverse_rfc3550_jitter_microseconds
+ type: long
+ - name: reverse_rfc3550_jitter_nanoseconds
+ type: long
+ - name: reverse_dot1q_dei
+ type: short
+ - name: reverse_dot1q_customer_dei
+ type: short
+ - name: reverse_flow_selector_algorithm
+ type: integer
+ - name: reverse_flow_selected_octet_delta_count
+ type: long
+ - name: reverse_flow_selected_packet_delta_count
+ type: long
+ - name: reverse_flow_selected_flow_delta_count
+ type: long
+ - name: reverse_selector_id_total_flows_observed
+ type: long
+ - name: reverse_selector_id_total_flows_selected
+ type: long
+ - name: reverse_sampling_flow_interval
+ type: long
+ - name: reverse_sampling_flow_spacing
+ type: long
+ - name: reverse_flow_sampling_time_interval
+ type: long
+ - name: reverse_flow_sampling_time_spacing
+ type: long
+ - name: reverse_hash_flow_domain
+ type: integer
+ - name: reverse_transport_octet_delta_count
+ type: long
+ - name: reverse_transport_packet_delta_count
+ type: long
+ - name: reverse_original_exporter_ipv4_address
+ type: ip
+ - name: reverse_original_exporter_ipv6_address
+ type: ip
+ - name: reverse_original_observation_domain_id
+ type: long
+ - name: reverse_intermediate_process_id
+ type: long
+ - name: reverse_ignored_data_record_total_count
+ type: long
+ - name: reverse_data_link_frame_type
+ type: integer
+ - name: reverse_section_offset
+ type: integer
+ - name: reverse_section_exported_octets
+ type: integer
+ - name: reverse_dot1q_service_instance_tag
+ type: keyword
+ - name: reverse_dot1q_service_instance_id
+ type: long
+ - name: reverse_dot1q_service_instance_priority
+ type: short
+ - name: reverse_dot1q_customer_source_mac_address
+ type: keyword
+ - name: reverse_dot1q_customer_destination_mac_address
+ type: keyword
+ - name: reverse_post_layer2_octet_delta_count
+ type: long
+ - name: reverse_post_mcast_layer2_octet_delta_count
+ type: long
+ - name: reverse_post_layer2_octet_total_count
+ type: long
+ - name: reverse_post_mcast_layer2_octet_total_count
+ type: long
+ - name: reverse_minimum_layer2_total_length
+ type: long
+ - name: reverse_maximum_layer2_total_length
+ type: long
+ - name: reverse_dropped_layer2_octet_delta_count
+ type: long
+ - name: reverse_dropped_layer2_octet_total_count
+ type: long
+ - name: reverse_ignored_layer2_octet_total_count
+ type: long
+ - name: reverse_not_sent_layer2_octet_total_count
+ type: long
+ - name: reverse_layer2_octet_delta_sum_of_squares
+ type: long
+ - name: reverse_layer2_octet_total_sum_of_squares
+ type: long
+ - name: reverse_layer2_frame_delta_count
+ type: long
+ - name: reverse_layer2_frame_total_count
+ type: long
+ - name: reverse_pseudo_wire_destination_ipv4_address
+ type: ip
+ - name: reverse_ignored_layer2_frame_total_count
+ type: long
+ - name: viptela_vpn_id
+ type: long
diff --git a/packages/netflow/docs/README.md b/packages/netflow/docs/README.md
index cba16e64138..82151f4ce08 100644
--- a/packages/netflow/docs/README.md
+++ b/packages/netflow/docs/README.md
@@ -20,7 +20,7 @@ The `log` dataset collects netflow logs. | Field | Description | Type | |---|---|---| -| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| @timestamp | Event timestamp. | date | | agent.ephemeral_id | Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not. | keyword | | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | agent.name | Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty. | keyword | 
@@ -258,14 +258,58 @@ The `log` dataset collects netflow logs. | netflow.address_port_mapping_high_threshold | | long | | netflow.address_port_mapping_low_threshold | | long | | netflow.address_port_mapping_per_user_high_threshold | | long | +| netflow.afc_protocol | | integer | +| netflow.afc_protocol_name | | keyword | | netflow.anonymization_flags | | integer | | netflow.anonymization_technique | | integer | -| netflow.application_category_name | | keyword | +| netflow.application_business-relevance | | long | +| netflow.application_category_name | | long | | netflow.application_description | | keyword | | netflow.application_group_name | | keyword | +| netflow.application_http_uri_statistics | | short | +| netflow.application_http_user-agent | | short | | netflow.application_id | | short | | netflow.application_name | | keyword | -| netflow.application_sub_category_name | | keyword | +| netflow.application_sub_category_name | | long | +| netflow.application_traffic-class | | long | +| netflow.art_client_network_time_maximum | | long | +| netflow.art_client_network_time_minimum | | long | +| netflow.art_client_network_time_sum | | long | +| netflow.art_clientpackets | | long | +| netflow.art_count_late_responses | | long | +| netflow.art_count_new_connections | | long | +| netflow.art_count_responses | | long | +| netflow.art_count_responses_histogram_bucket1 | | long | +| netflow.art_count_responses_histogram_bucket2 | | long | +| netflow.art_count_responses_histogram_bucket3 | | long | +| netflow.art_count_responses_histogram_bucket4 | | long | +| netflow.art_count_responses_histogram_bucket5 | | long | +| netflow.art_count_responses_histogram_bucket6 | | long | +| netflow.art_count_responses_histogram_bucket7 | | long | +| netflow.art_count_retransmissions | | long | +| netflow.art_count_transactions | | long | +| netflow.art_network_time_maximum | | long | +| netflow.art_network_time_minimum | | long | +| netflow.art_network_time_sum | | long | +| 
netflow.art_response_time_maximum | | long | +| netflow.art_response_time_minimum | | long | +| netflow.art_response_time_sum | | long | +| netflow.art_server_network_time_maximum | | long | +| netflow.art_server_network_time_minimum | | long | +| netflow.art_server_network_time_sum | | long | +| netflow.art_server_response_time_maximum | | long | +| netflow.art_server_response_time_minimum | | long | +| netflow.art_server_response_time_sum | | long | +| netflow.art_serverpackets | | long | +| netflow.art_total_response_time_maximum | | long | +| netflow.art_total_response_time_minimum | | long | +| netflow.art_total_response_time_sum | | long | +| netflow.art_total_transaction_time_maximum | | long | +| netflow.art_total_transaction_time_minimum | | long | +| netflow.art_total_transaction_time_sum | | long | +| netflow.assembled_fragment_count | | long | +| netflow.audit_counter | | long | +| netflow.average_interarrival_time | | long | | netflow.bgp_destination_as_number | | long | | netflow.bgp_next_adjacent_as_number | | long | | netflow.bgp_next_hop_ipv4_address | | ip | @@ -274,6 +318,8 @@ The `log` dataset collects netflow logs. | netflow.bgp_source_as_number | | long | | netflow.bgp_validity_state | | short | | netflow.biflow_direction | | short | +| netflow.bind_ipv4_address | | ip | +| netflow.bind_transport_port | | integer | | netflow.class_id | | long | | netflow.class_name | | keyword | | netflow.classification_engine_id | | short | 
@@ -284,8 +330,12 @@ The `log` dataset collects netflow logs. | netflow.collector_transport_port | | integer | | netflow.common_properties_id | | long | | netflow.confidence_level | | double | +| netflow.conn_ipv4_address | | ip | +| netflow.conn_transport_port | | integer | | netflow.connection_sum_duration_seconds | | long | | netflow.connection_transaction_id | | long | +| netflow.conntrack_id | | long | +| netflow.data_byte_count | | long | | netflow.data_link_frame_section | | short | | netflow.data_link_frame_size | | integer | | netflow.data_link_frame_type | | integer | @@ -306,6 +356,31 @@ The `log` dataset collects netflow logs. | netflow.distinct_count_of_source_ip_address | | long | | netflow.distinct_count_of_source_ipv4_address | | long | | netflow.distinct_count_of_source_ipv6_address | | long | +| netflow.dns_authoritative | | short | +| netflow.dns_cname | | keyword | +| netflow.dns_id | | integer | +| netflow.dns_mx_exchange | | keyword | +| netflow.dns_mx_preference | | integer | +| netflow.dns_nsd_name | | keyword | +| netflow.dns_nx_domain | | short | +| netflow.dns_ptrd_name | | keyword | +| netflow.dns_qname | | keyword | +| netflow.dns_qr_type | | integer | +| netflow.dns_query_response | | short | +| netflow.dns_rr_section | | short | +| netflow.dns_soa_expire | | long | +| netflow.dns_soa_minimum | | long | +| netflow.dns_soa_refresh | | long | +| netflow.dns_soa_retry | | long | +| netflow.dns_soa_serial | | long | +| netflow.dns_soam_name | | keyword | +| netflow.dns_soar_name | | keyword | +| netflow.dns_srv_port | | integer | +| netflow.dns_srv_priority | | integer | +| netflow.dns_srv_target | | integer | +| netflow.dns_srv_weight | | integer | +| netflow.dns_ttl | | long | +| netflow.dns_txt_data | | keyword | | netflow.dot1q_customer_dei | | boolean | | netflow.dot1q_customer_destination_mac_address | | keyword | | netflow.dot1q_customer_priority | | short | 
@@ -337,6 +412,7 @@ The `log` dataset collects netflow logs. | netflow.ethernet_payload_length | | integer | | netflow.ethernet_total_length | | integer | | netflow.ethernet_type | | integer | +| netflow.expired_fragment_count | | long | | netflow.export_interface | | long | | netflow.export_protocol_version | | short | | netflow.export_sctp_stream_id | | integer | @@ -356,8 +432,12 @@ The `log` dataset collects netflow logs. | netflow.exporting_process_id | | long | | netflow.external_address_realm | | short | | netflow.firewall_event | | short | +| netflow.first_eight_non_empty_packet_directions | | short | +| netflow.first_non_empty_packet_size | | integer | +| netflow.first_packet_banner | | keyword | | netflow.flags_and_sampler_id | | long | | netflow.flow_active_timeout | | integer | +| netflow.flow_attributes | | integer | | netflow.flow_direction | | short | | netflow.flow_duration_microseconds | | long | | netflow.flow_duration_milliseconds | | long | 
@@ -384,10 +464,28 @@ The `log` dataset collects netflow logs. | netflow.flow_start_nanoseconds | | date | | netflow.flow_start_seconds | | date | | netflow.flow_start_sys_up_time | | long | +| netflow.flow_table_flush_event_count | | long | +| netflow.flow_table_peak_count | | long | | netflow.forwarding_status | | short | | netflow.fragment_flags | | short | | netflow.fragment_identification | | long | | netflow.fragment_offset | | integer | +| netflow.fw_blackout_secs | | long | +| netflow.fw_configured_value | | long | +| netflow.fw_cts_src_sgt | | long | +| netflow.fw_event_level | | long | +| netflow.fw_event_level_id | | long | +| netflow.fw_ext_event | | integer | +| netflow.fw_ext_event_alt | | long | +| netflow.fw_ext_event_desc | | keyword | +| netflow.fw_half_open_count | | long | +| netflow.fw_half_open_high | | long | +| netflow.fw_half_open_rate | | long | +| netflow.fw_max_sessions | | long | +| netflow.fw_rule | | keyword | +| netflow.fw_summary_pkt_count | | long | +| netflow.fw_zone_pair_id | | long | +| netflow.fw_zone_pair_name | | long | | netflow.global_address_mapping_high_threshold | | long | | netflow.gre_key | | long | | netflow.hash_digest_output | | boolean | @@ -435,6 +533,7 @@ The `log` dataset collects netflow logs. | netflow.ingress_physical_interface | | long | | netflow.ingress_unicast_packet_total_count | | long | | netflow.ingress_vrfid | | long | +| netflow.initial_tcp_flags | | short | | netflow.initiator_octets | | long | | netflow.initiator_packets | | long | | netflow.interface_description | | keyword | 
@@ -459,6 +558,46 @@ The `log` dataset collects netflow logs. | netflow.ipv4_router_sc | | ip | | netflow.ipv6_extension_headers | | long | | netflow.is_multicast | | short | +| netflow.ixia_browser_id | | short | +| netflow.ixia_browser_name | | keyword | +| netflow.ixia_device_id | | short | +| netflow.ixia_device_name | | keyword | +| netflow.ixia_dns_answer | | keyword | +| netflow.ixia_dns_classes | | keyword | +| netflow.ixia_dns_query | | keyword | +| netflow.ixia_dns_record_txt | | keyword | +| netflow.ixia_dst_as_name | | keyword | +| netflow.ixia_dst_city_name | | keyword | +| netflow.ixia_dst_country_code | | keyword | +| netflow.ixia_dst_country_name | | keyword | +| netflow.ixia_dst_latitude | | float | +| netflow.ixia_dst_longitude | | float | +| netflow.ixia_dst_region_code | | keyword | +| netflow.ixia_dst_region_node | | keyword | +| netflow.ixia_encrypt_cipher | | keyword | +| netflow.ixia_encrypt_key_length | | integer | +| netflow.ixia_encrypt_type | | keyword | +| netflow.ixia_http_host_name | | keyword | +| netflow.ixia_http_uri | | keyword | +| netflow.ixia_http_user_agent | | keyword | +| netflow.ixia_imsi_subscriber | | keyword | +| netflow.ixia_l7_app_id | | long | +| netflow.ixia_l7_app_name | | keyword | +| netflow.ixia_latency | | long | +| netflow.ixia_rev_octet_delta_count | | long | +| netflow.ixia_rev_packet_delta_count | | long | +| netflow.ixia_src_as_name | | keyword | +| netflow.ixia_src_city_name | | keyword | +| netflow.ixia_src_country_code | | keyword | +| netflow.ixia_src_country_name | | keyword | +| netflow.ixia_src_latitude | | float | +| netflow.ixia_src_longitude | | float | +| netflow.ixia_src_region_code | | keyword | +| netflow.ixia_src_region_name | | keyword | +| netflow.ixia_threat_ipv4 | | ip | +| netflow.ixia_threat_ipv6 | | ip | +| netflow.ixia_threat_type | | keyword | +| netflow.large_packet_count | | long | | netflow.layer2_frame_delta_count | | long | | netflow.layer2_frame_total_count | | long | | 
netflow.layer2_octet_delta_count | | long | @@ -470,7 +609,9 @@ The `log` dataset collects netflow logs. | netflow.layer2packet_section_offset | | integer | | netflow.layer2packet_section_size | | integer | | netflow.line_card_id | | long | +| netflow.log_op | | short | | netflow.lower_ci_limit | | double | +| netflow.mark | | long | | netflow.max_bib_entries | | long | | netflow.max_entries_per_user | | long | | netflow.max_export_seconds | | date | @@ -479,11 +620,14 @@ The `log` dataset collects netflow logs. | netflow.max_flow_end_nanoseconds | | date | | netflow.max_flow_end_seconds | | date | | netflow.max_fragments_pending_reassembly | | long | +| netflow.max_packet_size | | integer | | netflow.max_session_entries | | long | | netflow.max_subscribers | | long | | netflow.maximum_ip_total_length | | long | | netflow.maximum_layer2_total_length | | long | | netflow.maximum_ttl | | short | +| netflow.mean_flow_rate | | long | +| netflow.mean_packet_rate | | long | | netflow.message_md5_checksum | | short | | netflow.message_scope | | short | | netflow.metering_process_id | | long | 
@@ -542,17 +686,247 @@ The `log` dataset collects netflow logs. | netflow.mpls_top_label_ttl | | short | | netflow.mpls_top_label_type | | short | | netflow.mpls_vpn_route_distinguisher | | short | +| netflow.mptcp_address_id | | short | +| netflow.mptcp_flags | | short | +| netflow.mptcp_initial_data_sequence_number | | long | +| netflow.mptcp_maximum_segment_size | | integer | +| netflow.mptcp_receiver_token | | long | | netflow.multicast_replication_factor | | long | | netflow.nat_event | | short | +| netflow.nat_inside_svcid | | integer | | netflow.nat_instance_id | | long | | netflow.nat_originating_address_realm | | short | +| netflow.nat_outside_svcid | | integer | | netflow.nat_pool_id | | long | | netflow.nat_pool_name | | keyword | | netflow.nat_quota_exceeded_event | | long | +| netflow.nat_sub_string | | keyword | | netflow.nat_threshold_event | | long | | netflow.nat_type | | short | +| netflow.netscale_ica_client_version | | keyword | +| netflow.netscaler_aaa_username | | keyword | +| netflow.netscaler_app_name | | keyword | +| netflow.netscaler_app_name_app_id | | long | +| netflow.netscaler_app_name_incarnation_number | | long | +| netflow.netscaler_app_template_name | | keyword | +| netflow.netscaler_app_unit_name_app_id | | long | +| netflow.netscaler_application_startup_duration | | long | +| netflow.netscaler_application_startup_time | | long | +| netflow.netscaler_cache_redir_client_connection_core_id | | long | +| netflow.netscaler_cache_redir_client_connection_transaction_id | | long | +| netflow.netscaler_client_rtt | | long | +| netflow.netscaler_connection_chain_hop_count | | long | +| netflow.netscaler_connection_chain_id | | short | +| netflow.netscaler_connection_id | | long | +| netflow.netscaler_current_license_consumed | | long | +| netflow.netscaler_db_clt_host_name | | keyword | +| netflow.netscaler_db_database_name | | keyword | +| netflow.netscaler_db_login_flags | | long | +| netflow.netscaler_db_protocol_name | | short | +| 
netflow.netscaler_db_req_string | | keyword | +| netflow.netscaler_db_req_type | | short | +| netflow.netscaler_db_resp_length | | long | +| netflow.netscaler_db_resp_status | | long | +| netflow.netscaler_db_resp_status_string | | keyword | +| netflow.netscaler_db_user_name | | keyword | +| netflow.netscaler_flow_flags | | long | +| netflow.netscaler_http_client_interaction_end_time | | keyword | +| netflow.netscaler_http_client_interaction_start_time | | keyword | +| netflow.netscaler_http_client_render_end_time | | keyword | +| netflow.netscaler_http_client_render_start_time | | keyword | +| netflow.netscaler_http_content_type | | keyword | +| netflow.netscaler_http_domain_name | | keyword | +| netflow.netscaler_http_req_authorization | | keyword | +| netflow.netscaler_http_req_cookie | | keyword | +| netflow.netscaler_http_req_forw_fb | | long | +| netflow.netscaler_http_req_forw_lb | | long | +| netflow.netscaler_http_req_host | | keyword | +| netflow.netscaler_http_req_method | | keyword | +| netflow.netscaler_http_req_rcv_fb | | long | +| netflow.netscaler_http_req_rcv_lb | | long | +| netflow.netscaler_http_req_referer | | keyword | +| netflow.netscaler_http_req_url | | keyword | +| netflow.netscaler_http_req_user_agent | | keyword | +| netflow.netscaler_http_req_via | | keyword | +| netflow.netscaler_http_req_xforwarded_for | | keyword | +| netflow.netscaler_http_res_forw_fb | | long | +| netflow.netscaler_http_res_forw_lb | | long | +| netflow.netscaler_http_res_location | | keyword | +| netflow.netscaler_http_res_rcv_fb | | long | +| netflow.netscaler_http_res_rcv_lb | | long | +| netflow.netscaler_http_res_set_cookie | | keyword | +| netflow.netscaler_http_res_set_cookie2 | | keyword | +| netflow.netscaler_http_rsp_len | | long | +| netflow.netscaler_http_rsp_status | | integer | +| netflow.netscaler_ica_app_module_path | | keyword | +| netflow.netscaler_ica_app_process_id | | long | +| netflow.netscaler_ica_application_name | | keyword | +| 
netflow.netscaler_ica_application_termination_time | | long | +| netflow.netscaler_ica_application_termination_type | | integer | +| netflow.netscaler_ica_channel_id1 | | long | +| netflow.netscaler_ica_channel_id1_bytes | | long | +| netflow.netscaler_ica_channel_id2 | | long | +| netflow.netscaler_ica_channel_id2_bytes | | long | +| netflow.netscaler_ica_channel_id3 | | long | +| netflow.netscaler_ica_channel_id3_bytes | | long | +| netflow.netscaler_ica_channel_id4 | | long | +| netflow.netscaler_ica_channel_id4_bytes | | long | +| netflow.netscaler_ica_channel_id5 | | long | +| netflow.netscaler_ica_channel_id5_bytes | | long | +| netflow.netscaler_ica_client_host_name | | keyword | +| netflow.netscaler_ica_client_ip | | ip | +| netflow.netscaler_ica_client_launcher | | integer | +| netflow.netscaler_ica_client_side_rto_count | | integer | +| netflow.netscaler_ica_client_side_window_size | | integer | +| netflow.netscaler_ica_client_type | | integer | +| netflow.netscaler_ica_clientside_delay | | long | +| netflow.netscaler_ica_clientside_jitter | | long | +| netflow.netscaler_ica_clientside_packets_retransmit | | integer | +| netflow.netscaler_ica_clientside_rtt | | long | +| netflow.netscaler_ica_clientside_rx_bytes | | long | +| netflow.netscaler_ica_clientside_srtt | | long | +| netflow.netscaler_ica_clientside_tx_bytes | | long | +| netflow.netscaler_ica_connection_priority | | integer | +| netflow.netscaler_ica_device_serial_no | | long | +| netflow.netscaler_ica_domain_name | | keyword | +| netflow.netscaler_ica_flags | | long | +| netflow.netscaler_ica_host_delay | | long | +| netflow.netscaler_ica_l7_client_latency | | long | +| netflow.netscaler_ica_l7_server_latency | | long | +| netflow.netscaler_ica_launch_mechanism | | integer | +| netflow.netscaler_ica_network_update_end_time | | long | +| netflow.netscaler_ica_network_update_start_time | | long | +| netflow.netscaler_ica_rtt | | long | +| netflow.netscaler_ica_server_name | | keyword | +| 
netflow.netscaler_ica_server_side_rto_count | | integer | +| netflow.netscaler_ica_server_side_window_size | | integer | +| netflow.netscaler_ica_serverside_delay | | long | +| netflow.netscaler_ica_serverside_jitter | | long | +| netflow.netscaler_ica_serverside_packets_retransmit | | integer | +| netflow.netscaler_ica_serverside_rtt | | long | +| netflow.netscaler_ica_serverside_srtt | | long | +| netflow.netscaler_ica_session_end_time | | long | +| netflow.netscaler_ica_session_guid | | short | +| netflow.netscaler_ica_session_reconnects | | short | +| netflow.netscaler_ica_session_setup_time | | long | +| netflow.netscaler_ica_session_update_begin_sec | | long | +| netflow.netscaler_ica_session_update_end_sec | | long | +| netflow.netscaler_ica_username | | keyword | +| netflow.netscaler_license_type | | short | +| netflow.netscaler_main_page_core_id | | long | +| netflow.netscaler_main_page_id | | long | +| netflow.netscaler_max_license_count | | long | +| netflow.netscaler_msi_client_cookie | | short | +| netflow.netscaler_round_trip_time | | long | +| netflow.netscaler_server_ttfb | | long | +| netflow.netscaler_server_ttlb | | long | +| netflow.netscaler_syslog_message | | keyword | +| netflow.netscaler_syslog_priority | | short | +| netflow.netscaler_syslog_timestamp | | long | +| netflow.netscaler_transaction_id | | long | +| netflow.netscaler_unknown270 | | long | +| netflow.netscaler_unknown271 | | long | +| netflow.netscaler_unknown272 | | long | +| netflow.netscaler_unknown273 | | long | +| netflow.netscaler_unknown274 | | long | +| netflow.netscaler_unknown275 | | long | +| netflow.netscaler_unknown276 | | long | +| netflow.netscaler_unknown277 | | long | +| netflow.netscaler_unknown278 | | long | +| netflow.netscaler_unknown279 | | long | +| netflow.netscaler_unknown280 | | long | +| netflow.netscaler_unknown281 | | long | +| netflow.netscaler_unknown282 | | long | +| netflow.netscaler_unknown283 | | long | +| netflow.netscaler_unknown284 | | long | 
+| netflow.netscaler_unknown285 | | long | +| netflow.netscaler_unknown286 | | long | +| netflow.netscaler_unknown287 | | long | +| netflow.netscaler_unknown288 | | long | +| netflow.netscaler_unknown289 | | long | +| netflow.netscaler_unknown290 | | long | +| netflow.netscaler_unknown291 | | long | +| netflow.netscaler_unknown292 | | long | +| netflow.netscaler_unknown293 | | long | +| netflow.netscaler_unknown294 | | long | +| netflow.netscaler_unknown295 | | long | +| netflow.netscaler_unknown296 | | long | +| netflow.netscaler_unknown297 | | long | +| netflow.netscaler_unknown298 | | long | +| netflow.netscaler_unknown299 | | long | +| netflow.netscaler_unknown300 | | long | +| netflow.netscaler_unknown301 | | long | +| netflow.netscaler_unknown302 | | long | +| netflow.netscaler_unknown303 | | long | +| netflow.netscaler_unknown304 | | long | +| netflow.netscaler_unknown305 | | long | +| netflow.netscaler_unknown306 | | long | +| netflow.netscaler_unknown307 | | long | +| netflow.netscaler_unknown308 | | long | +| netflow.netscaler_unknown309 | | long | +| netflow.netscaler_unknown310 | | long | +| netflow.netscaler_unknown311 | | long | +| netflow.netscaler_unknown312 | | long | +| netflow.netscaler_unknown313 | | long | +| netflow.netscaler_unknown314 | | long | +| netflow.netscaler_unknown315 | | long | +| netflow.netscaler_unknown316 | | keyword | +| netflow.netscaler_unknown317 | | long | +| netflow.netscaler_unknown318 | | long | +| netflow.netscaler_unknown319 | | keyword | +| netflow.netscaler_unknown320 | | integer | +| netflow.netscaler_unknown321 | | long | +| netflow.netscaler_unknown322 | | long | +| netflow.netscaler_unknown323 | | integer | +| netflow.netscaler_unknown324 | | integer | +| netflow.netscaler_unknown325 | | integer | +| netflow.netscaler_unknown326 | | integer | +| netflow.netscaler_unknown327 | | long | +| netflow.netscaler_unknown328 | | integer | +| netflow.netscaler_unknown329 | | integer | +| netflow.netscaler_unknown330 | | 
integer | +| netflow.netscaler_unknown331 | | integer | +| netflow.netscaler_unknown332 | | long | +| netflow.netscaler_unknown333 | | keyword | +| netflow.netscaler_unknown334 | | keyword | +| netflow.netscaler_unknown335 | | long | +| netflow.netscaler_unknown336 | | long | +| netflow.netscaler_unknown337 | | long | +| netflow.netscaler_unknown338 | | long | +| netflow.netscaler_unknown339 | | long | +| netflow.netscaler_unknown340 | | long | +| netflow.netscaler_unknown341 | | long | +| netflow.netscaler_unknown342 | | long | +| netflow.netscaler_unknown343 | | long | +| netflow.netscaler_unknown344 | | long | +| netflow.netscaler_unknown345 | | long | +| netflow.netscaler_unknown346 | | long | +| netflow.netscaler_unknown347 | | long | +| netflow.netscaler_unknown348 | | integer | +| netflow.netscaler_unknown349 | | keyword | +| netflow.netscaler_unknown350 | | keyword | +| netflow.netscaler_unknown351 | | keyword | +| netflow.netscaler_unknown352 | | integer | +| netflow.netscaler_unknown353 | | long | +| netflow.netscaler_unknown354 | | long | +| netflow.netscaler_unknown355 | | long | +| netflow.netscaler_unknown356 | | long | +| netflow.netscaler_unknown357 | | long | +| netflow.netscaler_unknown363 | | short | +| netflow.netscaler_unknown383 | | short | +| netflow.netscaler_unknown391 | | long | +| netflow.netscaler_unknown398 | | long | +| netflow.netscaler_unknown404 | | long | +| netflow.netscaler_unknown405 | | long | +| netflow.netscaler_unknown427 | | long | +| netflow.netscaler_unknown429 | | short | +| netflow.netscaler_unknown432 | | short | +| netflow.netscaler_unknown433 | | short | +| netflow.netscaler_unknown453 | | long | +| netflow.netscaler_unknown465 | | long | | netflow.new_connection_delta_count | | long | | netflow.next_header_ipv6 | | short | +| netflow.non_empty_packet_count | | long | | netflow.not_sent_flow_total_count | | long | | netflow.not_sent_layer2_octet_total_count | | long | | netflow.not_sent_octet_total_count | | long | 
@@ -577,11 +951,20 @@ The `log` dataset collects netflow logs.
 | netflow.original_flows_initiated | | long |
 | netflow.original_flows_present | | long |
 | netflow.original_observation_domain_id | | long |
+| netflow.os_finger_print | | keyword |
+| netflow.os_name | | keyword |
+| netflow.os_version | | keyword |
 | netflow.p2p_technology | | keyword |
 | netflow.packet_delta_count | | long |
 | netflow.packet_total_count | | long |
 | netflow.padding_octets | | short |
+| netflow.payload | | keyword |
+| netflow.payload_entropy | | short |
 | netflow.payload_length_ipv6 | | integer |
+| netflow.policy_qos_classification_hierarchy | | long |
+| netflow.policy_qos_queue_index | | long |
+| netflow.policy_qos_queuedrops | | long |
+| netflow.policy_qos_queueindex | | long |
 | netflow.port_id | | long |
 | netflow.port_range_end | | integer |
 | netflow.port_range_num_ports | | integer |
@@ -615,17 +998,460 @@ The `log` dataset collects netflow logs.
 | netflow.post_source_mac_address | | keyword |
 | netflow.post_vlan_id | | integer |
 | netflow.private_enterprise_number | | long |
+| netflow.procera_apn | | keyword |
+| netflow.procera_base_service | | keyword |
+| netflow.procera_content_categories | | keyword |
+| netflow.procera_device_id | | long |
+| netflow.procera_external_rtt | | integer |
+| netflow.procera_flow_behavior | | keyword |
+| netflow.procera_ggsn | | keyword |
+| netflow.procera_http_content_type | | keyword |
+| netflow.procera_http_file_length | | long |
+| netflow.procera_http_language | | keyword |
+| netflow.procera_http_location | | keyword |
+| netflow.procera_http_referer | | keyword |
+| netflow.procera_http_request_method | | keyword |
+| netflow.procera_http_request_version | | keyword |
+| netflow.procera_http_response_status | | integer |
+| netflow.procera_http_url | | keyword |
+| netflow.procera_http_user_agent | | keyword |
+| netflow.procera_imsi | | long |
+| netflow.procera_incoming_octets | | long |
+| netflow.procera_incoming_packets | | long |
+| netflow.procera_incoming_shaping_drops | | long |
+| netflow.procera_incoming_shaping_latency | | integer |
+| netflow.procera_internal_rtt | | integer |
+| netflow.procera_local_ipv4_host | | ip |
+| netflow.procera_local_ipv6_host | | ip |
+| netflow.procera_msisdn | | long |
+| netflow.procera_outgoing_octets | | long |
+| netflow.procera_outgoing_packets | | long |
+| netflow.procera_outgoing_shaping_drops | | long |
+| netflow.procera_outgoing_shaping_latency | | integer |
+| netflow.procera_property | | keyword |
+| netflow.procera_qoe_incoming_external | | float |
+| netflow.procera_qoe_incoming_internal | | float |
+| netflow.procera_qoe_outgoing_external | | float |
+| netflow.procera_qoe_outgoing_internal | | float |
+| netflow.procera_rat | | keyword |
+| netflow.procera_remote_ipv4_host | | ip |
+| netflow.procera_remote_ipv6_host | | ip |
+| netflow.procera_rnc | | integer |
+| netflow.procera_server_hostname | | keyword |
+| netflow.procera_service | | keyword |
+| netflow.procera_sgsn | | keyword |
+| netflow.procera_subscriber_identifier | | keyword |
+| netflow.procera_template_name | | keyword |
+| netflow.procera_user_location_information | | keyword |
 | netflow.protocol_identifier | | short |
 | netflow.pseudo_wire_control_word | | long |
 | netflow.pseudo_wire_destination_ipv4_address | | ip |
 | netflow.pseudo_wire_id | | long |
 | netflow.pseudo_wire_type | | integer |
+| netflow.reason | | long |
+| netflow.reason_text | | keyword |
 | netflow.relative_error | | double |
 | netflow.responder_octets | | long |
 | netflow.responder_packets | | long |
+| netflow.reverse_absolute_error | | double |
+| netflow.reverse_anonymization_flags | | integer |
+| netflow.reverse_anonymization_technique | | integer |
+| netflow.reverse_application_category_name | | keyword |
+| netflow.reverse_application_description | | keyword |
+| netflow.reverse_application_group_name | | keyword |
+| netflow.reverse_application_id | | keyword |
+| netflow.reverse_application_name | | keyword |
+| netflow.reverse_application_sub_category_name | | keyword |
+| netflow.reverse_average_interarrival_time | | long |
+| netflow.reverse_bgp_destination_as_number | | long |
+| netflow.reverse_bgp_next_adjacent_as_number | | long |
+| netflow.reverse_bgp_next_hop_ipv4_address | | ip |
+| netflow.reverse_bgp_next_hop_ipv6_address | | ip |
+| netflow.reverse_bgp_prev_adjacent_as_number | | long |
+| netflow.reverse_bgp_source_as_number | | long |
+| netflow.reverse_bgp_validity_state | | short |
+| netflow.reverse_class_id | | short |
+| netflow.reverse_class_name | | keyword |
+| netflow.reverse_classification_engine_id | | short |
+| netflow.reverse_collection_time_milliseconds | | long |
+| netflow.reverse_collector_certificate | | keyword |
+| netflow.reverse_confidence_level | | double |
+| netflow.reverse_connection_sum_duration_seconds | | long |
+| netflow.reverse_connection_transaction_id | | long |
+| netflow.reverse_data_byte_count | | long |
+| netflow.reverse_data_link_frame_section | | keyword |
+| netflow.reverse_data_link_frame_size | | integer |
+| netflow.reverse_data_link_frame_type | | integer |
+| netflow.reverse_data_records_reliability | | short |
+| netflow.reverse_delta_flow_count | | long |
+| netflow.reverse_destination_ipv4_address | | ip |
+| netflow.reverse_destination_ipv4_prefix | | ip |
+| netflow.reverse_destination_ipv4_prefix_length | | short |
+| netflow.reverse_destination_ipv6_address | | ip |
+| netflow.reverse_destination_ipv6_prefix | | ip |
+| netflow.reverse_destination_ipv6_prefix_length | | short |
+| netflow.reverse_destination_mac_address | | keyword |
+| netflow.reverse_destination_transport_port | | integer |
+| netflow.reverse_digest_hash_value | | long |
+| netflow.reverse_distinct_count_of_destination_ip_address | | long |
+| netflow.reverse_distinct_count_of_destination_ipv4_address | | long |
+| netflow.reverse_distinct_count_of_destination_ipv6_address | | long |
+| netflow.reverse_distinct_count_of_source_ip_address | | long |
+| netflow.reverse_distinct_count_of_source_ipv4_address | | long |
+| netflow.reverse_distinct_count_of_source_ipv6_address | | long |
+| netflow.reverse_dot1q_customer_dei | | short |
+| netflow.reverse_dot1q_customer_destination_mac_address | | keyword |
+| netflow.reverse_dot1q_customer_priority | | short |
+| netflow.reverse_dot1q_customer_source_mac_address | | keyword |
+| netflow.reverse_dot1q_customer_vlan_id | | integer |
+| netflow.reverse_dot1q_dei | | short |
+| netflow.reverse_dot1q_priority | | short |
+| netflow.reverse_dot1q_service_instance_id | | long |
+| netflow.reverse_dot1q_service_instance_priority | | short |
+| netflow.reverse_dot1q_service_instance_tag | | keyword |
+| netflow.reverse_dot1q_vlan_id | | integer |
+| netflow.reverse_dropped_layer2_octet_delta_count | | long |
+| netflow.reverse_dropped_layer2_octet_total_count | | long |
+| netflow.reverse_dropped_octet_delta_count | | long |
+| netflow.reverse_dropped_octet_total_count | | long |
+| netflow.reverse_dropped_packet_delta_count | | long |
+| netflow.reverse_dropped_packet_total_count | | long |
+| netflow.reverse_dst_traffic_index | | long |
+| netflow.reverse_egress_broadcast_packet_total_count | | long |
+| netflow.reverse_egress_interface | | long |
+| netflow.reverse_egress_interface_type | | long |
+| netflow.reverse_egress_physical_interface | | long |
+| netflow.reverse_egress_unicast_packet_total_count | | long |
+| netflow.reverse_egress_vrfid | | long |
+| netflow.reverse_encrypted_technology | | keyword |
+| netflow.reverse_engine_id | | short |
+| netflow.reverse_engine_type | | short |
+| netflow.reverse_ethernet_header_length | | short |
+| netflow.reverse_ethernet_payload_length | | integer |
+| netflow.reverse_ethernet_total_length | | integer |
+| netflow.reverse_ethernet_type | | integer |
+| netflow.reverse_export_sctp_stream_id | | integer |
+| netflow.reverse_exporter_certificate | | keyword |
+| netflow.reverse_exporting_process_id | | long |
+| netflow.reverse_firewall_event | | short |
+| netflow.reverse_first_non_empty_packet_size | | integer |
+| netflow.reverse_first_packet_banner | | keyword |
+| netflow.reverse_flags_and_sampler_id | | long |
+| netflow.reverse_flow_active_timeout | | integer |
+| netflow.reverse_flow_attributes | | integer |
+| netflow.reverse_flow_delta_milliseconds | | long |
+| netflow.reverse_flow_direction | | short |
+| netflow.reverse_flow_duration_microseconds | | long |
+| netflow.reverse_flow_duration_milliseconds | | long |
+| netflow.reverse_flow_end_delta_microseconds | | long |
+| netflow.reverse_flow_end_microseconds | | long |
+| netflow.reverse_flow_end_milliseconds | | long |
+| netflow.reverse_flow_end_nanoseconds | | long |
+| netflow.reverse_flow_end_reason | | short |
+| netflow.reverse_flow_end_seconds | | long |
+| netflow.reverse_flow_end_sys_up_time | | long |
+| netflow.reverse_flow_idle_timeout | | integer |
+| netflow.reverse_flow_label_ipv6 | | long |
+| netflow.reverse_flow_sampling_time_interval | | long |
+| netflow.reverse_flow_sampling_time_spacing | | long |
+| netflow.reverse_flow_selected_flow_delta_count | | long |
+| netflow.reverse_flow_selected_octet_delta_count | | long |
+| netflow.reverse_flow_selected_packet_delta_count | | long |
+| netflow.reverse_flow_selector_algorithm | | integer |
+| netflow.reverse_flow_start_delta_microseconds | | long |
+| netflow.reverse_flow_start_microseconds | | long |
+| netflow.reverse_flow_start_milliseconds | | long |
+| netflow.reverse_flow_start_nanoseconds | | long |
+| netflow.reverse_flow_start_seconds | | long |
+| netflow.reverse_flow_start_sys_up_time | | long |
+| netflow.reverse_forwarding_status | | long |
+| netflow.reverse_fragment_flags | | short |
+| netflow.reverse_fragment_identification | | long |
+| netflow.reverse_fragment_offset | | integer |
+| netflow.reverse_gre_key | | long |
+| netflow.reverse_hash_digest_output | | short |
+| netflow.reverse_hash_flow_domain | | integer |
+| netflow.reverse_hash_initialiser_value | | long |
+| netflow.reverse_hash_ip_payload_offset | | long |
+| netflow.reverse_hash_ip_payload_size | | long |
+| netflow.reverse_hash_output_range_max | | long |
+| netflow.reverse_hash_output_range_min | | long |
+| netflow.reverse_hash_selected_range_max | | long |
+| netflow.reverse_hash_selected_range_min | | long |
+| netflow.reverse_icmp_code_ipv4 | | short |
+| netflow.reverse_icmp_code_ipv6 | | short |
+| netflow.reverse_icmp_type_code_ipv4 | | integer |
+| netflow.reverse_icmp_type_code_ipv6 | | integer |
+| netflow.reverse_icmp_type_ipv4 | | short |
+| netflow.reverse_icmp_type_ipv6 | | short |
+| netflow.reverse_igmp_type | | short |
+| netflow.reverse_ignored_data_record_total_count | | long |
+| netflow.reverse_ignored_layer2_frame_total_count | | long |
+| netflow.reverse_ignored_layer2_octet_total_count | | long |
+| netflow.reverse_information_element_data_type | | short |
+| netflow.reverse_information_element_description | | keyword |
+| netflow.reverse_information_element_id | | integer |
+| netflow.reverse_information_element_index | | integer |
+| netflow.reverse_information_element_name | | keyword |
+| netflow.reverse_information_element_range_begin | | long |
+| netflow.reverse_information_element_range_end | | long |
+| netflow.reverse_information_element_semantics | | short |
+| netflow.reverse_information_element_units | | integer |
+| netflow.reverse_ingress_broadcast_packet_total_count | | long |
+| netflow.reverse_ingress_interface | | long |
+| netflow.reverse_ingress_interface_type | | long |
+| netflow.reverse_ingress_multicast_packet_total_count | | long |
+| netflow.reverse_ingress_physical_interface | | long |
+| netflow.reverse_ingress_unicast_packet_total_count | | long |
+| netflow.reverse_ingress_vrfid | | long |
+| netflow.reverse_initial_tcp_flags | | short |
+| netflow.reverse_initiator_octets | | long |
+| netflow.reverse_initiator_packets | | long |
+| netflow.reverse_interface_description | | keyword |
+| netflow.reverse_interface_name | | keyword |
+| netflow.reverse_intermediate_process_id | | long |
+| netflow.reverse_ip_class_of_service | | short |
+| netflow.reverse_ip_diff_serv_code_point | | short |
+| netflow.reverse_ip_header_length | | short |
+| netflow.reverse_ip_header_packet_section | | keyword |
+| netflow.reverse_ip_next_hop_ipv4_address | | ip |
+| netflow.reverse_ip_next_hop_ipv6_address | | ip |
+| netflow.reverse_ip_payload_length | | long |
+| netflow.reverse_ip_payload_packet_section | | keyword |
+| netflow.reverse_ip_precedence | | short |
+| netflow.reverse_ip_sec_spi | | long |
+| netflow.reverse_ip_total_length | | long |
+| netflow.reverse_ip_ttl | | short |
+| netflow.reverse_ip_version | | short |
+| netflow.reverse_ipv4_ihl | | short |
+| netflow.reverse_ipv4_options | | long |
+| netflow.reverse_ipv4_router_sc | | ip |
+| netflow.reverse_ipv6_extension_headers | | long |
+| netflow.reverse_is_multicast | | short |
+| netflow.reverse_large_packet_count | | long |
+| netflow.reverse_layer2_frame_delta_count | | long |
+| netflow.reverse_layer2_frame_total_count | | long |
+| netflow.reverse_layer2_octet_delta_count | | long |
+| netflow.reverse_layer2_octet_delta_sum_of_squares | | long |
+| netflow.reverse_layer2_octet_total_count | | long |
+| netflow.reverse_layer2_octet_total_sum_of_squares | | long |
+| netflow.reverse_layer2_segment_id | | long |
+| netflow.reverse_layer2packet_section_data | | keyword |
+| netflow.reverse_layer2packet_section_offset | | integer |
+| netflow.reverse_layer2packet_section_size | | integer |
+| netflow.reverse_line_card_id | | long |
+| netflow.reverse_lower_ci_limit | | double |
+| netflow.reverse_max_export_seconds | | long |
+| netflow.reverse_max_flow_end_microseconds | | long |
+| netflow.reverse_max_flow_end_milliseconds | | long |
+| netflow.reverse_max_flow_end_nanoseconds | | long |
+| netflow.reverse_max_flow_end_seconds | | long |
+| netflow.reverse_max_packet_size | | integer |
+| netflow.reverse_maximum_ip_total_length | | long |
+| netflow.reverse_maximum_layer2_total_length | | long |
+| netflow.reverse_maximum_ttl | | short |
+| netflow.reverse_message_md5_checksum | | keyword |
+| netflow.reverse_message_scope | | short |
+| netflow.reverse_metering_process_id | | long |
+| netflow.reverse_metro_evc_id | | keyword |
+| netflow.reverse_metro_evc_type | | short |
+| netflow.reverse_min_export_seconds | | long |
+| netflow.reverse_min_flow_start_microseconds | | long |
+| netflow.reverse_min_flow_start_milliseconds | | long |
+| netflow.reverse_min_flow_start_nanoseconds | | long |
+| netflow.reverse_min_flow_start_seconds | | long |
+| netflow.reverse_minimum_ip_total_length | | long |
+| netflow.reverse_minimum_layer2_total_length | | long |
+| netflow.reverse_minimum_ttl | | short |
+| netflow.reverse_monitoring_interval_end_milli_seconds | | long |
+| netflow.reverse_monitoring_interval_start_milli_seconds | | long |
+| netflow.reverse_mpls_label_stack_depth | | long |
+| netflow.reverse_mpls_label_stack_length | | long |
+| netflow.reverse_mpls_label_stack_section | | keyword |
+| netflow.reverse_mpls_label_stack_section10 | | keyword |
+| netflow.reverse_mpls_label_stack_section2 | | keyword |
+| netflow.reverse_mpls_label_stack_section3 | | keyword |
+| netflow.reverse_mpls_label_stack_section4 | | keyword |
+| netflow.reverse_mpls_label_stack_section5 | | keyword |
+| netflow.reverse_mpls_label_stack_section6 | | keyword |
+| netflow.reverse_mpls_label_stack_section7 | | keyword |
+| netflow.reverse_mpls_label_stack_section8 | | keyword |
+| netflow.reverse_mpls_label_stack_section9 | | keyword |
+| netflow.reverse_mpls_payload_length | | long |
+| netflow.reverse_mpls_payload_packet_section | | keyword |
+| netflow.reverse_mpls_top_label_exp | | short |
+| netflow.reverse_mpls_top_label_ipv4_address | | ip |
+| netflow.reverse_mpls_top_label_ipv6_address | | ip |
+| netflow.reverse_mpls_top_label_prefix_length | | short |
+| netflow.reverse_mpls_top_label_stack_section | | keyword |
+| netflow.reverse_mpls_top_label_ttl | | short |
+| netflow.reverse_mpls_top_label_type | | short |
+| netflow.reverse_mpls_vpn_route_distinguisher | | keyword |
+| netflow.reverse_multicast_replication_factor | | long |
+| netflow.reverse_nat_event | | short |
+| netflow.reverse_nat_originating_address_realm | | short |
+| netflow.reverse_nat_pool_id | | long |
+| netflow.reverse_nat_pool_name | | keyword |
+| netflow.reverse_nat_type | | short |
+| netflow.reverse_new_connection_delta_count | | long |
+| netflow.reverse_next_header_ipv6 | | short |
+| netflow.reverse_non_empty_packet_count | | long |
+| netflow.reverse_not_sent_layer2_octet_total_count | | long |
+| netflow.reverse_observation_domain_name | | keyword |
+| netflow.reverse_observation_point_id | | long |
+| netflow.reverse_observation_point_type | | short |
+| netflow.reverse_observation_time_microseconds | | long |
+| netflow.reverse_observation_time_milliseconds | | long |
+| netflow.reverse_observation_time_nanoseconds | | long |
+| netflow.reverse_observation_time_seconds | | long |
+| netflow.reverse_octet_delta_count | | long |
+| netflow.reverse_octet_delta_sum_of_squares | | long |
+| netflow.reverse_octet_total_count | | long |
+| netflow.reverse_octet_total_sum_of_squares | | long |
+| netflow.reverse_opaque_octets | | keyword |
+| netflow.reverse_original_exporter_ipv4_address | | ip |
+| netflow.reverse_original_exporter_ipv6_address | | ip |
+| netflow.reverse_original_flows_completed | | long |
+| netflow.reverse_original_flows_initiated | | long |
+| netflow.reverse_original_flows_present | | long |
+| netflow.reverse_original_observation_domain_id | | long |
+| netflow.reverse_os_finger_print | | keyword |
+| netflow.reverse_os_name | | keyword |
+| netflow.reverse_os_version | | keyword |
+| netflow.reverse_p2p_technology | | keyword |
+| netflow.reverse_packet_delta_count | | long |
+| netflow.reverse_packet_total_count | | long |
+| netflow.reverse_payload | | keyword |
+| netflow.reverse_payload_entropy | | short |
+| netflow.reverse_payload_length_ipv6 | | integer |
+| netflow.reverse_port_id | | long |
+| netflow.reverse_port_range_end | | integer |
+| netflow.reverse_port_range_num_ports | | integer |
+| netflow.reverse_port_range_start | | integer |
+| netflow.reverse_port_range_step_size | | integer |
+| netflow.reverse_post_destination_mac_address | | keyword |
+| netflow.reverse_post_dot1q_customer_vlan_id | | integer |
+| netflow.reverse_post_dot1q_vlan_id | | integer |
+| netflow.reverse_post_ip_class_of_service | | short |
+| netflow.reverse_post_ip_diff_serv_code_point | | short |
+| netflow.reverse_post_ip_precedence | | short |
+| netflow.reverse_post_layer2_octet_delta_count | | long |
+| netflow.reverse_post_layer2_octet_total_count | | long |
+| netflow.reverse_post_mcast_layer2_octet_delta_count | | long |
+| netflow.reverse_post_mcast_layer2_octet_total_count | | long |
+| netflow.reverse_post_mcast_octet_delta_count | | long |
+| netflow.reverse_post_mcast_octet_total_count | | long |
+| netflow.reverse_post_mcast_packet_delta_count | | long |
+| netflow.reverse_post_mcast_packet_total_count | | long |
+| netflow.reverse_post_mpls_top_label_exp | | short |
+| netflow.reverse_post_napt_destination_transport_port | | integer |
+| netflow.reverse_post_napt_source_transport_port | | integer |
+| netflow.reverse_post_nat_destination_ipv4_address | | ip |
+| netflow.reverse_post_nat_destination_ipv6_address | | ip |
+| netflow.reverse_post_nat_source_ipv4_address | | ip |
+| netflow.reverse_post_nat_source_ipv6_address | | ip |
+| netflow.reverse_post_octet_delta_count | | long |
+| netflow.reverse_post_octet_total_count | | long |
+| netflow.reverse_post_packet_delta_count | | long |
+| netflow.reverse_post_packet_total_count | | long |
+| netflow.reverse_post_source_mac_address | | keyword |
+| netflow.reverse_post_vlan_id | | integer |
+| netflow.reverse_private_enterprise_number | | long |
+| netflow.reverse_protocol_identifier | | short |
+| netflow.reverse_pseudo_wire_control_word | | long |
+| netflow.reverse_pseudo_wire_destination_ipv4_address | | ip |
+| netflow.reverse_pseudo_wire_id | | long |
+| netflow.reverse_pseudo_wire_type | | integer |
+| netflow.reverse_relative_error | | double |
+| netflow.reverse_responder_octets | | long |
+| netflow.reverse_responder_packets | | long |
+| netflow.reverse_rfc3550_jitter_microseconds | | long |
+| netflow.reverse_rfc3550_jitter_milliseconds | | long |
+| netflow.reverse_rfc3550_jitter_nanoseconds | | long |
+| netflow.reverse_rtp_payload_type | | short |
+| netflow.reverse_rtp_sequence_number | | integer |
+| netflow.reverse_sampler_id | | short |
+| netflow.reverse_sampler_mode | | short |
+| netflow.reverse_sampler_name | | keyword |
+| netflow.reverse_sampler_random_interval | | long |
+| netflow.reverse_sampling_algorithm | | short |
+| netflow.reverse_sampling_flow_interval | | long |
+| netflow.reverse_sampling_flow_spacing | | long |
+| netflow.reverse_sampling_interval | | long |
+| netflow.reverse_sampling_packet_interval | | long |
+| netflow.reverse_sampling_packet_space | | long |
+| netflow.reverse_sampling_population | | long |
+| netflow.reverse_sampling_probability | | double |
+| netflow.reverse_sampling_size | | long |
+| netflow.reverse_sampling_time_interval | | long |
+| netflow.reverse_sampling_time_space | | long |
+| netflow.reverse_second_packet_banner | | keyword |
+| netflow.reverse_section_exported_octets | | integer |
+| netflow.reverse_section_offset | | integer |
+| netflow.reverse_selection_sequence_id | | long |
+| netflow.reverse_selector_algorithm | | integer |
+| netflow.reverse_selector_id | | long |
+| netflow.reverse_selector_id_total_flows_observed | | long |
+| netflow.reverse_selector_id_total_flows_selected | | long |
+| netflow.reverse_selector_id_total_pkts_observed | | long |
+| netflow.reverse_selector_id_total_pkts_selected | | long |
+| netflow.reverse_selector_name | | keyword |
+| netflow.reverse_session_scope | | short |
+| netflow.reverse_small_packet_count | | long |
+| netflow.reverse_source_ipv4_address | | ip |
+| netflow.reverse_source_ipv4_prefix | | ip |
+| netflow.reverse_source_ipv4_prefix_length | | short |
+| netflow.reverse_source_ipv6_address | | ip |
+| netflow.reverse_source_ipv6_prefix | | ip |
+| netflow.reverse_source_ipv6_prefix_length | | short |
+| netflow.reverse_source_mac_address | | keyword |
+| netflow.reverse_source_transport_port | | integer |
+| netflow.reverse_src_traffic_index | | long |
+| netflow.reverse_sta_ipv4_address | | ip |
+| netflow.reverse_sta_mac_address | | keyword |
+| netflow.reverse_standard_deviation_interarrival_time | | long |
+| netflow.reverse_standard_deviation_payload_length | | integer |
+| netflow.reverse_system_init_time_milliseconds | | long |
+| netflow.reverse_tcp_ack_total_count | | long |
+| netflow.reverse_tcp_acknowledgement_number | | long |
+| netflow.reverse_tcp_control_bits | | integer |
+| netflow.reverse_tcp_destination_port | | integer |
+| netflow.reverse_tcp_fin_total_count | | long |
+| netflow.reverse_tcp_header_length | | short |
+| netflow.reverse_tcp_options | | long |
+| netflow.reverse_tcp_psh_total_count | | long |
+| netflow.reverse_tcp_rst_total_count | | long |
+| netflow.reverse_tcp_sequence_number | | long |
+| netflow.reverse_tcp_source_port | | integer |
+| netflow.reverse_tcp_syn_total_count | | long |
+| netflow.reverse_tcp_urg_total_count | | long |
+| netflow.reverse_tcp_urgent_pointer | | integer |
+| netflow.reverse_tcp_window_scale | | integer |
+| netflow.reverse_tcp_window_size | | integer |
+| netflow.reverse_total_length_ipv4 | | integer |
+| netflow.reverse_transport_octet_delta_count | | long |
+| netflow.reverse_transport_packet_delta_count | | long |
+| netflow.reverse_tunnel_technology | | keyword |
+| netflow.reverse_udp_destination_port | | integer |
+| netflow.reverse_udp_message_length | | integer |
+| netflow.reverse_udp_source_port | | integer |
+| netflow.reverse_union_tcp_flags | | short |
+| netflow.reverse_upper_ci_limit | | double |
+| netflow.reverse_user_name | | keyword |
+| netflow.reverse_value_distribution_method | | short |
+| netflow.reverse_virtual_station_interface_id | | keyword |
+| netflow.reverse_virtual_station_interface_name | | keyword |
+| netflow.reverse_virtual_station_name | | keyword |
+| netflow.reverse_virtual_station_uuid | | keyword |
+| netflow.reverse_vlan_id | | integer |
+| netflow.reverse_vr_fname | | keyword |
+| netflow.reverse_wlan_channel_id | | short |
+| netflow.reverse_wlan_ssid | | keyword |
+| netflow.reverse_wtp_mac_address | | keyword |
 | netflow.rfc3550_jitter_microseconds | | long |
 | netflow.rfc3550_jitter_milliseconds | | long |
 | netflow.rfc3550_jitter_nanoseconds | | long |
+| netflow.rtp_payload_type | | short |
 | netflow.rtp_sequence_number | | integer |
 | netflow.sampler_id | | short |
 | netflow.sampler_mode | | short |
@@ -642,6 +1468,7 @@ The `log` dataset collects netflow logs.
 | netflow.sampling_size | | long |
 | netflow.sampling_time_interval | | long |
 | netflow.sampling_time_space | | long |
+| netflow.second_packet_banner | | keyword |
 | netflow.section_exported_octets | | integer |
 | netflow.section_offset | | integer |
 | netflow.selection_sequence_id | | long |
@@ -652,7 +1479,10 @@ The `log` dataset collects netflow logs.
 | netflow.selector_id_total_pkts_observed | | long |
 | netflow.selector_id_total_pkts_selected | | long |
 | netflow.selector_name | | keyword |
+| netflow.service_name | | keyword |
 | netflow.session_scope | | short |
+| netflow.silk_app_label | | integer |
+| netflow.small_packet_count | | long |
 | netflow.source_ipv4_address | | ip |
 | netflow.source_ipv4_prefix | | ip |
 | netflow.source_ipv4_prefix_length | | short |
@@ -663,8 +1493,25 @@ The `log` dataset collects netflow logs.
 | netflow.source_transport_port | | integer |
 | netflow.source_transport_ports_limit | | integer |
 | netflow.src_traffic_index | | long |
+| netflow.ssl_cert_serial_number | | keyword |
+| netflow.ssl_cert_signature | | keyword |
+| netflow.ssl_cert_validity_not_after | | keyword |
+| netflow.ssl_cert_validity_not_before | | keyword |
+| netflow.ssl_cert_version | | short |
+| netflow.ssl_certificate_hash | | keyword |
+| netflow.ssl_cipher | | keyword |
+| netflow.ssl_client_version | | short |
+| netflow.ssl_compression_method | | short |
+| netflow.ssl_object_type | | keyword |
+| netflow.ssl_object_value | | keyword |
+| netflow.ssl_public_key_algorithm | | keyword |
+| netflow.ssl_public_key_length | | keyword |
+| netflow.ssl_server_cipher | | long |
+| netflow.ssl_server_name | | keyword |
 | netflow.sta_ipv4_address | | ip |
 | netflow.sta_mac_address | | keyword |
+| netflow.standard_deviation_interarrival_time | | long |
+| netflow.standard_deviation_payload_length | | short |
 | netflow.system_init_time_milliseconds | | date |
 | netflow.tcp_ack_total_count | | long |
 | netflow.tcp_acknowledgement_number | | long |
@@ -683,7 +1530,12 @@ The `log` dataset collects netflow logs.
 | netflow.tcp_window_scale | | integer |
 | netflow.tcp_window_size | | integer |
 | netflow.template_id | | integer |
+| netflow.tftp_filename | | keyword |
+| netflow.tftp_mode | | keyword |
+| netflow.timestamp | | long |
+| netflow.timestamp_absolute_monitoring-interval | | long |
 | netflow.total_length_ipv4 | | integer |
+| netflow.traffic_type | | short |
 | netflow.transport_octet_delta_count | | long |
 | netflow.transport_packet_delta_count | | long |
 | netflow.tunnel_technology | | keyword |
@@ -691,19 +1543,37 @@ The `log` dataset collects netflow logs.
 | netflow.udp_destination_port | | integer |
 | netflow.udp_message_length | | integer |
 | netflow.udp_source_port | | integer |
+| netflow.union_tcp_flags | | short |
 | netflow.upper_ci_limit | | double |
 | netflow.user_name | | keyword |
+| netflow.username | | keyword |
 | netflow.value_distribution_method | | short |
+| netflow.viptela_vpn_id | | long |
 | netflow.virtual_station_interface_id | | short |
 | netflow.virtual_station_interface_name | | keyword |
 | netflow.virtual_station_name | | keyword |
 | netflow.virtual_station_uuid | | short |
 | netflow.vlan_id | | integer |
+| netflow.vmware_egress_interface_attr | | integer |
+| netflow.vmware_ingress_interface_attr | | integer |
+| netflow.vmware_tenant_dest_ipv4 | | ip |
+| netflow.vmware_tenant_dest_ipv6 | | ip |
+| netflow.vmware_tenant_dest_port | | integer |
+| netflow.vmware_tenant_protocol | | short |
+| netflow.vmware_tenant_source_ipv4 | | ip |
+| netflow.vmware_tenant_source_ipv6 | | ip |
+| netflow.vmware_tenant_source_port | | integer |
+| netflow.vmware_vxlan_export_role | | short |
 | netflow.vpn_identifier | | short |
 | netflow.vr_fname | | keyword |
+| netflow.waasoptimization_segment | | short |
 | netflow.wlan_channel_id | | short |
 | netflow.wlan_ssid | | keyword |
 | netflow.wtp_mac_address | | keyword |
+| netflow.xlate_destination_address_ip_v4 | | ip |
+| netflow.xlate_destination_port | | integer |
+| netflow.xlate_source_address_ip_v4 | | ip |
+| netflow.xlate_source_port | | integer |
 | network.application | A name given to an application level protocol. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS".
| keyword |
 | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long |
 | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword |