openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
bbb545cb0fcaa08f95e0853d83a491c841bbb333
openshift-docs/modules/network-observability-cli-capturing-flows.adoc
Sara Thomas 4815076502 OSDOCS-10171: Deduper merge mode 
Integrate NetObserv 1.6 feature branch with OCP docs main branch

OSDOCS-10211: eBPF flow rule filtering

OSDOCS-9959: NetObserv Health dashboard updates

Fixes xref error

Flow format reference regeneration

Update DNS example to include sampling>1 note

OSDOCS-9553: Netobserv Lokiless enhancements

OSDOCS-10790: Update NetObserv Operator Install prereqs

OSDOCS-10747: Adding FlowMetric API Reference

Changing FlowMetrics to FlowMetric

Netobserv API doc regeneration

OSDOCS-9969: netobserv cli

Network Observability 1.6 release notes
2024-06-17 12:20:10 +00:00

89 lines
3.1 KiB
Plaintext
Raw Blame History

//Module included in the following assemblies:
//
// observability/network_observability/netobserv_cli/netobserv-cli-using.adoc
:_mod-docs-content-type: PROCEDURE
[id="network-observability-cli-capturing-flows_{context}"]
= Capturing flows
You can capture flows and filter on any resource or zone in the data to solve use cases, such as displaying Round-Trip Time (RTT) between two zones. Table visualization in the CLI provides viewing and flow search capabilities.
.Prerequisites
* Install the {oc-first}.
* Install the Network Observability CLI (`oc netobserv`) plugin.
.Procedure
. Capture flows with filters enabled by running the following command:
+
[source,terminal]
----
$ oc netobserv flows --enable_filter=true --action=Accept --cidr=0.0.0.0/0 --protocol=TCP --port=49051
----
. Add filters to the `live table filter` prompt in the terminal to further refine the incoming flows. For example:
+
[source,terminal]
----
live table filter: [SrcK8S_Zone:us-west-1b] press enter to match multiple regular expressions at once
----
. To stop capturing, press kbd:[Ctrl+C]. The data that was captured is written to two separate files in an `./output` directory located in the same path used to install the CLI.
. View the captured data in the `./output/flow/<capture_date_time>.json` JSON file, which contains JSON arrays of the captured data.
+
.Example JSON file
[source,json]
----
{
"AgentIP": "10.0.1.76",
"Bytes": 561,
"DnsErrno": 0,
"Dscp": 20,
"DstAddr": "f904:ece9:ba63:6ac7:8018:1e5:7130:0",
"DstMac": "0A:58:0A:80:00:37",
"DstPort": 9999,
"Duplicate": false,
"Etype": 2048,
"Flags": 16,
"FlowDirection": 0,
"IfDirection": 0,
"Interface": "ens5",
"K8S_FlowLayer": "infra",
"Packets": 1,
"Proto": 6,
"SrcAddr": "3e06:6c10:6440:2:a80:37:b756:270f",
"SrcMac": "0A:58:0A:80:00:01",
"SrcPort": 46934,
"TimeFlowEndMs": 1709741962111,
"TimeFlowRttNs": 121000,
"TimeFlowStartMs": 1709741962111,
"TimeReceived": 1709741964
}
----
. You can use SQLite to inspect the `./output/flow/<capture_date_time>.db` database file. For example:
.. Open the file by running the following command:
+
[source,terminal]
----
$ sqlite3 ./output/flow/<capture_date_time>.db
----
.. Query the data by running a SQLite `SELECT` statement, for example:
+
[source,terminal]
----
sqlite> SELECT DnsLatencyMs, DnsFlagsResponseCode, DnsId, DstAddr, DstPort, Interface, Proto, SrcAddr, SrcPort, Bytes, Packets FROM flow WHERE DnsLatencyMs >10 LIMIT 10;
----
+
.Example output
[source,terminal]
----
12|NoError|58747|10.128.0.63|57856||17|172.30.0.10|53|284|1
11|NoError|20486|10.128.0.52|56575||17|169.254.169.254|53|225|1
11|NoError|59544|10.128.0.103|51089||17|172.30.0.10|53|307|1
13|NoError|32519|10.128.0.52|55241||17|169.254.169.254|53|254|1
12|NoError|32519|10.0.0.3|55241||17|169.254.169.254|53|254|1
15|NoError|57673|10.128.0.19|59051||17|172.30.0.10|53|313|1
13|NoError|35652|10.0.0.3|46532||17|169.254.169.254|53|183|1
32|NoError|37326|10.0.0.3|52718||17|169.254.169.254|53|169|1
14|NoError|14530|10.0.0.3|58203||17|169.254.169.254|53|246|1
15|NoError|40548|10.0.0.3|45933||17|169.254.169.254|53|174|1
----
View Git Blame Copy Permalink