我的书签
添加书签
移除书签Network flows format reference
These are the specifications for network flows format, used both internally and when exporting flows to Kafka.
Network Flows format reference
The document is organized in two main categories: Labels and regular Fields. This distinction only matters when querying Loki. This is because Labels, unlike Fields, must be used in stream selectors.
If you are reading this specification as a reference for the Kafka export feature, you must treat all Labels and Fields as regualr fields and ignore any distinctions between them that are specific to Loki.
Labels
SrcK8S_Namespace
OptionalSrcK8S_Namespace:string
Source namespace
DstK8S_Namespace
OptionalDstK8S_Namespace:string
Destination namespace
SrcK8S_OwnerName
OptionalSrcK8S_OwnerName:string
Source owner, such as Deployment, StatefulSet, etc.
DstK8S_OwnerName
OptionalDstK8S_OwnerName:string
Destination owner, such as Deployment, StatefulSet, etc.
FlowDirection
- FlowDirection: see the following section, Enumeration: FlowDirection for more details.
Flow direction from the node observation point
_RecordType
Optional_RecordType:RecordType
Type of record: ‘flowLog’ for regular flow logs, or ‘allConnections’, ‘newConnection’, ‘heartbeat’, ‘endConnection’ for conversation tracking
Fields
SrcAddr
- SrcAddr:
string
Source IP address (ipv4 or ipv6)
DstAddr
- DstAddr:
string
Destination IP address (ipv4 or ipv6)
SrcMac
- SrcMac:
string
Source MAC address
DstMac
- DstMac:
string
Destination MAC address
SrcK8S_Name
OptionalSrcK8S_Name:string
Name of the source matched Kubernetes object, such as Pod name, Service name, etc.
DstK8S_Name
OptionalDstK8S_Name:string
Name of the destination matched Kubernetes object, such as Pod name, Service name, etc.
SrcK8S_Type
OptionalSrcK8S_Type:string
Kind of the source matched Kubernetes object, such as Pod, Service, etc.
DstK8S_Type
OptionalDstK8S_Type:string
Kind of the destination matched Kubernetes object, such as Pod name, Service name, etc.
SrcPort
- SrcPort:
number
Source port
DstPort
- DstPort:
number
Destination port
SrcK8S_OwnerType
OptionalSrcK8S_OwnerType:string
Kind of the source Kubernetes owner, such as Deployment, StatefulSet, etc.
DstK8S_OwnerType
OptionalDstK8S_OwnerType:string
Kind of the destination Kubernetes owner, such as Deployment, StatefulSet, etc.
SrcK8S_HostIP
OptionalSrcK8S_HostIP:string
Source node IP
DstK8S_HostIP
OptionalDstK8S_HostIP:string
Destination node IP
SrcK8S_HostName
OptionalSrcK8S_HostName:string
Source node name
DstK8S_HostName
OptionalDstK8S_HostName:string
Destination node name
Proto
- Proto:
number
L4 protocol
Interface
OptionalInterface:string
Network interface
Packets
- Packets:
number
Number of packets in this flow
Packets_AB
OptionalPackets_AB:number
In conversation tracking, A to B packets counter per conversation
Packets_BA
OptionalPackets_BA:number
In conversation tracking, B to A packets counter per conversation
Bytes
- Bytes:
number
Number of bytes in this flow
Bytes_AB
OptionalBytes_AB:number
In conversation tracking, A to B bytes counter per conversation
Bytes_BA
OptionalBytes_BA:number
In conversation tracking, B to A bytes counter per conversation
TimeFlowStartMs
- TimeFlowStartMs:
number
Start timestamp of this flow, in milliseconds
TimeFlowEndMs
- TimeFlowEndMs:
number
End timestamp of this flow, in milliseconds
TimeReceived
- TimeReceived:
number
Timestamp when this flow was received and processed by the flow collector, in seconds
_HashId
Optional_HashId:string
In conversation tracking, the conversation identifier
_IsFirst
Optional_IsFirst:string
In conversation tracking, a flag identifying the first flow
numFlowLogs
OptionalnumFlowLogs:number
In conversation tracking, a counter of flow logs per conversation
Enumeration: FlowDirection
Ingress
- Ingress =
"0"
Incoming traffic, from node observation point
Egress
- Egress =
"1"
Outgoing traffic, from node observation point
