openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
48150765022c421cd4e5e2dd9c009133145124f2
openshift-docs/modules/network-observability-flows-format.adoc
Sara Thomas 4815076502 OSDOCS-10171: Deduper merge mode 
Integrate NetObserv 1.6 feature branch with OCP docs main branch

OSDOCS-10211: eBPF flow rule filtering

OSDOCS-9959: NetObserv Health dashboard updates

Fixes xref error

Flow format reference regeneration

Update DNS example to include sampling>1 note

OSDOCS-9553: Netobserv Lokiless enhancements

OSDOCS-10790: Update NetObserv Operator Install prereqs

OSDOCS-10747: Adding FlowMetric API Reference

Changing FlowMetrics to FlowMetric

Netobserv API doc regeneration

OSDOCS-9969: netobserv cli

Network Observability 1.6 release notes
2024-06-17 12:20:10 +00:00

343 lines
6.5 KiB
Plaintext
Raw Blame History

// Automatically generated by 'hack/asciidoc-flows-gen.sh'. Do not edit, or make the NETOBSERV team aware of the editions.
:_mod-docs-content-type: REFERENCE
[id="network-observability-flows-format_{context}"]
= Network Flows format reference
This is the specification of the network flows format. That format is used when a Kafka exporter is configured, for Prometheus metrics labels as well as internally for the Loki store.
The "Filter ID" column shows which related name to use when defining Quick Filters (see `spec.consolePlugin.quickFilters` in the `FlowCollector` specification).
The "Loki label" column is useful when querying Loki directly: label fields need to be selected using link:https://grafana.com/docs/loki/latest/logql/log_queries/#log-stream-selector[stream selectors].
The "Cardinality" column gives information about the implied metric cardinality if this field was to be used as a Prometheus label with the `FlowMetric` API. For more information, see the "FlowMetric API reference".
[cols="1,1,3,1,1,1",options="header"]
|===
| Name | Type | Description | Filter ID | Loki label | Cardinality
| `Bytes`
| number
| Number of bytes
| n/a
| no
| avoid
| `DnsErrno`
| number
| Error number returned from DNS tracker ebpf hook function
| `dns_errno`
| no
| fine
| `DnsFlags`
| number
| DNS flags for DNS record
| n/a
| no
| fine
| `DnsFlagsResponseCode`
| string
| Parsed DNS header RCODEs name
| `dns_flag_response_code`
| no
| fine
| `DnsId`
| number
| DNS record id
| `dns_id`
| no
| avoid
| `DnsLatencyMs`
| number
| Time between a DNS request and response, in milliseconds
| `dns_latency`
| no
| avoid
| `Dscp`
| number
| Differentiated Services Code Point (DSCP) value
| `dscp`
| no
| fine
| `DstAddr`
| string
| Destination IP address (ipv4 or ipv6)
| `dst_address`
| no
| avoid
| `DstK8S_HostIP`
| string
| Destination node IP
| `dst_host_address`
| no
| fine
| `DstK8S_HostName`
| string
| Destination node name
| `dst_host_name`
| no
| fine
| `DstK8S_Name`
| string
| Name of the destination Kubernetes object, such as Pod name, Service name or Node name.
| `dst_name`
| no
| careful
| `DstK8S_Namespace`
| string
| Destination namespace
| `dst_namespace`
| yes
| fine
| `DstK8S_OwnerName`
| string
| Name of the destination owner, such as Deployment name, StatefulSet name, etc.
| `dst_owner_name`
| yes
| fine
| `DstK8S_OwnerType`
| string
| Kind of the destination owner, such as Deployment, StatefulSet, etc.
| `dst_kind`
| no
| fine
| `DstK8S_Type`
| string
| Kind of the destination Kubernetes object, such as Pod, Service or Node.
| `dst_kind`
| yes
| fine
| `DstK8S_Zone`
| string
| Destination availability zone
| `dst_zone`
| yes
| fine
| `DstMac`
| string
| Destination MAC address
| `dst_mac`
| no
| avoid
| `DstPort`
| number
| Destination port
| `dst_port`
| no
| careful
| `DstSubnetLabel`
| string
| Destination subnet label
| `dst_subnet_label`
| no
| fine
| `Duplicate`
| boolean
| Indicates if this flow was also captured from another interface on the same host
| n/a
| yes
| fine
| `Flags`
| number
| Logical OR combination of unique TCP flags comprised in the flow, as per RFC-9293, with additional custom flags to represent the following per-packet combinations: +
- SYN+ACK (0x100) +
- FIN+ACK (0x200) +
- RST+ACK (0x400)
| n/a
| no
| fine
| `FlowDirection`
| number
| Flow interpreted direction from the node observation point. Can be one of: +
- 0: Ingress (incoming traffic, from the node observation point) +
- 1: Egress (outgoing traffic, from the node observation point) +
- 2: Inner (with the same source and destination node)
| `node_direction`
| yes
| fine
| `IcmpCode`
| number
| ICMP code
| `icmp_code`
| no
| fine
| `IcmpType`
| number
| ICMP type
| `icmp_type`
| no
| fine
| `IfDirections`
| number
| Flow directions from the network interface observation point. Can be one of: +
- 0: Ingress (interface incoming traffic) +
- 1: Egress (interface outgoing traffic)
| `ifdirections`
| no
| fine
| `Interfaces`
| string
| Network interfaces
| `interfaces`
| no
| careful
| `K8S_ClusterName`
| string
| Cluster name or identifier
| `cluster_name`
| yes
| fine
| `K8S_FlowLayer`
| string
| Flow layer: 'app' or 'infra'
| `flow_layer`
| no
| fine
| `Packets`
| number
| Number of packets
| n/a
| no
| avoid
| `PktDropBytes`
| number
| Number of bytes dropped by the kernel
| n/a
| no
| avoid
| `PktDropLatestDropCause`
| string
| Latest drop cause
| `pkt_drop_cause`
| no
| fine
| `PktDropLatestFlags`
| number
| TCP flags on last dropped packet
| n/a
| no
| fine
| `PktDropLatestState`
| string
| TCP state on last dropped packet
| `pkt_drop_state`
| no
| fine
| `PktDropPackets`
| number
| Number of packets dropped by the kernel
| n/a
| no
| avoid
| `Proto`
| number
| L4 protocol
| `protocol`
| no
| fine
| `SrcAddr`
| string
| Source IP address (ipv4 or ipv6)
| `src_address`
| no
| avoid
| `SrcK8S_HostIP`
| string
| Source node IP
| `src_host_address`
| no
| fine
| `SrcK8S_HostName`
| string
| Source node name
| `src_host_name`
| no
| fine
| `SrcK8S_Name`
| string
| Name of the source Kubernetes object, such as Pod name, Service name or Node name.
| `src_name`
| no
| careful
| `SrcK8S_Namespace`
| string
| Source namespace
| `src_namespace`
| yes
| fine
| `SrcK8S_OwnerName`
| string
| Name of the source owner, such as Deployment name, StatefulSet name, etc.
| `src_owner_name`
| yes
| fine
| `SrcK8S_OwnerType`
| string
| Kind of the source owner, such as Deployment, StatefulSet, etc.
| `src_kind`
| no
| fine
| `SrcK8S_Type`
| string
| Kind of the source Kubernetes object, such as Pod, Service or Node.
| `src_kind`
| yes
| fine
| `SrcK8S_Zone`
| string
| Source availability zone
| `src_zone`
| yes
| fine
| `SrcMac`
| string
| Source MAC address
| `src_mac`
| no
| avoid
| `SrcPort`
| number
| Source port
| `src_port`
| no
| careful
| `SrcSubnetLabel`
| string
| Source subnet label
| `src_subnet_label`
| no
| fine
| `TimeFlowEndMs`
| number
| End timestamp of this flow, in milliseconds
| n/a
| no
| avoid
| `TimeFlowRttNs`
| number
| TCP Smoothed Round Trip Time (SRTT), in nanoseconds
| `time_flow_rtt`
| no
| avoid
| `TimeFlowStartMs`
| number
| Start timestamp of this flow, in milliseconds
| n/a
| no
| avoid
| `TimeReceived`
| number
| Timestamp when this flow was received and processed by the flow collector, in seconds
| n/a
| no
| avoid
| `_HashId`
| string
| In conversation tracking, the conversation identifier
| `id`
| no
| avoid
| `_RecordType`
| string
| Type of record: 'flowLog' for regular flow logs, or 'newConnection', 'heartbeat', 'endConnection' for conversation tracking
| `type`
| yes
| fine
|===
View Git Blame Copy Permalink