mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/network-observability-flows-format.adoc
2025-07-02 17:00:50 +00:00


// Automatically generated by 'hack/asciidoc-flows-gen.sh'. Do not edit, or make the NETOBSERV team aware of the editions.
:_mod-docs-content-type: REFERENCE
[id="network-observability-flows-format_{context}"]
= Network Flows format reference
This is the specification of the network flows format. That format is used when a Kafka exporter is configured, for Prometheus metrics labels as well as internally for the Loki store.
The "Filter ID" column shows which related name to use when defining Quick Filters (see `spec.consolePlugin.quickFilters` in the `FlowCollector` specification).
The "Loki label" column is useful when querying Loki directly: label fields need to be selected using link:https://grafana.com/docs/loki/latest/logql/log_queries/#log-stream-selector[stream selectors].
The "Cardinality" column gives information about the implied metric cardinality if this field were to be used as a Prometheus label with the `FlowMetrics` API. Refer to the `FlowMetrics` documentation for more information on using this API.
[cols="1,1,3,1,1,1,1",options="header"]
|===
| Name | Type | Description | Filter ID | Loki label | Cardinality | OpenTelemetry
| `Bytes`
| number
| Number of bytes
| n/a
| no
| avoid
| bytes
| `DnsErrno`
| number
| Error number returned from the DNS tracker eBPF hook function
| `dns_errno`
| no
| fine
| dns.errno
| `DnsFlags`
| number
| DNS flags for DNS record
| n/a
| no
| fine
| dns.flags
| `DnsFlagsResponseCode`
| string
| Name of the parsed DNS header RCODE
| `dns_flag_response_code`
| no
| fine
| dns.responsecode
| `DnsId`
| number
| DNS record id
| `dns_id`
| no
| avoid
| dns.id
| `DnsLatencyMs`
| number
| Time between a DNS request and response, in milliseconds
| `dns_latency`
| no
| avoid
| dns.latency
| `Dscp`
| number
| Differentiated Services Code Point (DSCP) value
| `dscp`
| no
| fine
| dscp
| `DstAddr`
| string
| Destination IP address (IPv4 or IPv6)
| `dst_address`
| no
| avoid
| destination.address
| `DstK8S_HostIP`
| string
| Destination node IP
| `dst_host_address`
| no
| fine
| destination.k8s.host.address
| `DstK8S_HostName`
| string
| Destination node name
| `dst_host_name`
| no
| fine
| destination.k8s.host.name
| `DstK8S_Name`
| string
| Name of the destination Kubernetes object, such as Pod name, Service name or Node name.
| `dst_name`
| no
| careful
| destination.k8s.name
| `DstK8S_Namespace`
| string
| Destination namespace
| `dst_namespace`
| yes
| fine
| destination.k8s.namespace.name
| `DstK8S_NetworkName`
| string
| Destination network name
| `dst_network`
| no
| fine
| n/a
| `DstK8S_OwnerName`
| string
| Name of the destination owner, such as Deployment name, StatefulSet name, etc.
| `dst_owner_name`
| yes
| fine
| destination.k8s.owner.name
| `DstK8S_OwnerType`
| string
| Kind of the destination owner, such as Deployment, StatefulSet, etc.
| `dst_kind`
| no
| fine
| destination.k8s.owner.kind
| `DstK8S_Type`
| string
| Kind of the destination Kubernetes object, such as Pod, Service or Node.
| `dst_kind`
| yes
| fine
| destination.k8s.kind
| `DstK8S_Zone`
| string
| Destination availability zone
| `dst_zone`
| yes
| fine
| destination.zone
| `DstMac`
| string
| Destination MAC address
| `dst_mac`
| no
| avoid
| destination.mac
| `DstPort`
| number
| Destination port
| `dst_port`
| no
| careful
| destination.port
| `DstSubnetLabel`
| string
| Destination subnet label
| `dst_subnet_label`
| no
| fine
| n/a
| `Flags`
| string[]
| List of TCP flags contained in the flow, as per RFC 9293, with additional custom flags to represent the following per-packet combinations: +
- SYN_ACK +
- FIN_ACK +
- RST_ACK
| `tcp_flags`
| no
| careful
| tcp.flags
| `FlowDirection`
| number
| Flow interpreted direction from the node observation point. Can be one of: +
- 0: Ingress (incoming traffic, from the node observation point) +
- 1: Egress (outgoing traffic, from the node observation point) +
- 2: Inner (with the same source and destination node)
| `node_direction`
| yes
| fine
| host.direction
| `IPSecStatus`
| string
| Status of the IPsec encryption (on egress, given by the kernel xfrm_output function) or decryption (on ingress, via xfrm_input)
| `ipsec_status`
| no
| fine
| n/a
| `IcmpCode`
| number
| ICMP code
| `icmp_code`
| no
| fine
| icmp.code
| `IcmpType`
| number
| ICMP type
| `icmp_type`
| no
| fine
| icmp.type
| `IfDirections`
| number[]
| Flow directions from the network interface observation point. Can be one of: +
- 0: Ingress (interface incoming traffic) +
- 1: Egress (interface outgoing traffic)
| `ifdirections`
| no
| fine
| interface.directions
| `Interfaces`
| string[]
| Network interfaces
| `interfaces`
| no
| careful
| interface.names
| `K8S_ClusterName`
| string
| Cluster name or identifier
| `cluster_name`
| yes
| fine
| k8s.cluster.name
| `K8S_FlowLayer`
| string
| Flow layer: 'app' or 'infra'
| `flow_layer`
| yes
| fine
| k8s.layer
| `NetworkEvents`
| object[]
| Network events, such as network policy actions, composed of nested fields: +
- Feature (such as "acl" for network policies) +
- Type (such as an "AdminNetworkPolicy") +
- Namespace (namespace where the event applies, if any) +
- Name (name of the resource that triggered the event) +
- Action (such as "allow" or "drop") +
- Direction (Ingress or Egress)
| `network_events`
| no
| avoid
| n/a
| `Packets`
| number
| Number of packets
| n/a
| no
| avoid
| packets
| `PktDropBytes`
| number
| Number of bytes dropped by the kernel
| n/a
| no
| avoid
| drops.bytes
| `PktDropLatestDropCause`
| string
| Latest drop cause
| `pkt_drop_cause`
| no
| fine
| drops.latestcause
| `PktDropLatestFlags`
| number
| TCP flags on last dropped packet
| n/a
| no
| fine
| drops.latestflags
| `PktDropLatestState`
| string
| TCP state on last dropped packet
| `pkt_drop_state`
| no
| fine
| drops.lateststate
| `PktDropPackets`
| number
| Number of packets dropped by the kernel
| n/a
| no
| avoid
| drops.packets
| `Proto`
| number
| L4 protocol
| `protocol`
| no
| fine
| protocol
| `Sampling`
| number
| Sampling rate used for this flow
| n/a
| no
| fine
| n/a
| `SrcAddr`
| string
| Source IP address (IPv4 or IPv6)
| `src_address`
| no
| avoid
| source.address
| `SrcK8S_HostIP`
| string
| Source node IP
| `src_host_address`
| no
| fine
| source.k8s.host.address
| `SrcK8S_HostName`
| string
| Source node name
| `src_host_name`
| no
| fine
| source.k8s.host.name
| `SrcK8S_Name`
| string
| Name of the source Kubernetes object, such as Pod name, Service name or Node name.
| `src_name`
| no
| careful
| source.k8s.name
| `SrcK8S_Namespace`
| string
| Source namespace
| `src_namespace`
| yes
| fine
| source.k8s.namespace.name
| `SrcK8S_NetworkName`
| string
| Source network name
| `src_network`
| no
| fine
| n/a
| `SrcK8S_OwnerName`
| string
| Name of the source owner, such as Deployment name, StatefulSet name, etc.
| `src_owner_name`
| yes
| fine
| source.k8s.owner.name
| `SrcK8S_OwnerType`
| string
| Kind of the source owner, such as Deployment, StatefulSet, etc.
| `src_kind`
| no
| fine
| source.k8s.owner.kind
| `SrcK8S_Type`
| string
| Kind of the source Kubernetes object, such as Pod, Service or Node.
| `src_kind`
| yes
| fine
| source.k8s.kind
| `SrcK8S_Zone`
| string
| Source availability zone
| `src_zone`
| yes
| fine
| source.zone
| `SrcMac`
| string
| Source MAC address
| `src_mac`
| no
| avoid
| source.mac
| `SrcPort`
| number
| Source port
| `src_port`
| no
| careful
| source.port
| `SrcSubnetLabel`
| string
| Source subnet label
| `src_subnet_label`
| no
| fine
| n/a
| `TimeFlowEndMs`
| number
| End timestamp of this flow, in milliseconds
| n/a
| no
| avoid
| timeflowend
| `TimeFlowRttNs`
| number
| TCP Smoothed Round Trip Time (SRTT), in nanoseconds
| `time_flow_rtt`
| no
| avoid
| tcp.rtt
| `TimeFlowStartMs`
| number
| Start timestamp of this flow, in milliseconds
| n/a
| no
| avoid
| timeflowstart
| `TimeReceived`
| number
| Timestamp when this flow was received and processed by the flow collector, in seconds
| n/a
| no
| avoid
| timereceived
| `Udns`
| string[]
| List of User Defined Networks
| `udns`
| no
| careful
| n/a
| `XlatDstAddr`
| string
| Packet translation destination address
| `xlat_dst_address`
| no
| avoid
| n/a
| `XlatDstPort`
| number
| Packet translation destination port
| `xlat_dst_port`
| no
| careful
| n/a
| `XlatSrcAddr`
| string
| Packet translation source address
| `xlat_src_address`
| no
| avoid
| n/a
| `XlatSrcPort`
| number
| Packet translation source port
| `xlat_src_port`
| no
| careful
| n/a
| `ZoneId`
| number
| Packet translation zone ID
| `xlat_zone_id`
| no
| avoid
| n/a
| `_HashId`
| string
| In conversation tracking, the conversation identifier
| `id`
| no
| avoid
| n/a
| `_RecordType`
| string
| Type of record: `flowLog` for regular flow logs, or `newConnection`, `heartbeat`, `endConnection` for conversation tracking
| `type`
| yes
| fine
| n/a
|===
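
The following Python code is an added example, not part of the generated reference or of the Network Observability code base. It triages exported flow records for traffic dropped by a network policy (`NetworkEvents`) or by the kernel (`PktDropPackets`), using the field names from the table above. It assumes each record arrives as one JSON object keyed by the "Name" column; the `triage` and `peer` helpers and the sample records are constructed for illustration.

```python
import json

FLOW_DIRECTION = {0: "Ingress", 1: "Egress", 2: "Inner"}  # from the FlowDirection row

def peer(flow, side):
    """Return 'namespace/name' for an enriched flow, else the raw IP address."""
    name = flow.get(side + "K8S_Name")
    if not name:
        return flow.get(side + "Addr", "?")
    return (flow.get(side + "K8S_Namespace") or "-") + "/" + name

def triage(lines):
    """Return one finding per regular flow dropped by policy or by the kernel."""
    findings = []
    for line in lines:
        flow = json.loads(line)
        # Conversation-tracking records (newConnection, heartbeat, endConnection)
        # are a different record type; this example counts regular flow logs only.
        if flow.get("_RecordType") != "flowLog":
            continue
        reasons = []
        for ev in flow.get("NetworkEvents") or []:
            if str(ev.get("Action", "")).lower() == "drop":
                reasons.append("policy:%s/%s" % (ev.get("Type"), ev.get("Name")))
        if (flow.get("PktDropPackets") or 0) > 0:
            reasons.append("kernel:" + flow.get("PktDropLatestDropCause", "unknown"))
        if reasons:
            findings.append({
                "src": peer(flow, "Src"), "dst": peer(flow, "Dst"),
                "dst_port": flow.get("DstPort"),
                "direction": FLOW_DIRECTION.get(flow.get("FlowDirection"), "unknown"),
                "reasons": reasons,
            })
    return findings

# Constructed sample records, not captured from a cluster.
SAMPLE = [json.dumps(r) for r in (
    {"_RecordType": "flowLog", "FlowDirection": 1, "SrcK8S_Namespace": "shop",
     "SrcK8S_Name": "web-1", "DstAddr": "203.0.113.7", "DstPort": 443,
     "NetworkEvents": [{"Feature": "acl", "Type": "AdminNetworkPolicy",
                        "Name": "deny-egress", "Action": "drop", "Direction": "Egress"}]},
    {"_RecordType": "flowLog", "FlowDirection": 0, "SrcAddr": "10.128.0.9",
     "DstK8S_Namespace": "shop", "DstK8S_Name": "db-0", "DstPort": 5432,
     "PktDropPackets": 3, "PktDropLatestDropCause": "SKB_DROP_REASON_NO_SOCKET"},
    {"_RecordType": "endConnection", "SrcAddr": "10.128.0.9", "PktDropPackets": 3},
    {"_RecordType": "flowLog", "FlowDirection": 2, "SrcAddr": "10.128.0.4",
     "NetworkEvents": [{"Feature": "acl", "Type": "NetworkPolicy", "Action": "allow"}]},
)]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Grouping the findings by `src` or `reasons` is a reasonable next step, but keep those values out of Prometheus labels where the "Cardinality" column says `avoid` or `careful`.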