You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
tooltip: Logical OR combination of unique TCP flags comprised in the flow, as per RFC-9293, with additional custom values.
559
+
field: Flags
560
+
filter: tcp_flags
561
+
default: false
562
+
width: 10
531
563
- id: FlowDirection
532
564
name: Node Direction
533
565
tooltip: The interpreted direction of the flow observed at the Node observation point.
@@ -635,6 +667,14 @@ frontend:
635
667
default: true
636
668
width: 5
637
669
feature: flowRTT
670
+
- id: NetworkEvents
671
+
name: Network Events
672
+
tooltip: Network events flow monitor
673
+
field: NetworkEvents
674
+
filter: network_events
675
+
default: true
676
+
width: 15
677
+
feature: networkEvents
638
678
filters:
639
679
- id: cluster_name
640
680
name: Cluster
@@ -754,6 +794,16 @@ frontend:
754
794
component: autocomplete
755
795
category: destination
756
796
hint: Specify a single zone.
797
+
- id: src_subnet_label
798
+
name: Subnet Label
799
+
component: autocomplete
800
+
category: source
801
+
hint: Specify a subnet label, or an empty string to get unmatched sources.
802
+
- id: dst_subnet_label
803
+
name: Subnet Label
804
+
component: autocomplete
805
+
category: destination
806
+
hint: Specify a subnet label, or an empty string to get unmatched destinations.
757
807
- id: src_resource
758
808
name: Resource
759
809
component: autocomplete
@@ -912,6 +962,24 @@ frontend:
912
962
name: ICMP code
913
963
component: number
914
964
hint: Specify an ICMP code value as integer number.
965
+
- id: tcp_flags
966
+
name: TCP flags
967
+
component: autocomplete
968
+
hint: Specify a TCP flags value as integer number.
969
+
examples: |-
970
+
Logical OR combination of unique TCP flags comprised in the flow, as per RFC-9293, with additional custom flags
971
+
users can specify either numeric value or string representation of the flags as follows :
972
+
- FIN or 1,
973
+
- SYN or 2,
974
+
- RST or 4,
975
+
- PSH or 8,
976
+
- ACK or 16,
977
+
- URG or 32,
978
+
- ECE or 64,
979
+
- CWR or 128,
980
+
- SYN_ACK or 256,
981
+
- FIN_ACK or 512,
982
+
- RST_ACK or 1024,
915
983
- id: node_direction
916
984
name: Node Direction
917
985
component: autocomplete
@@ -982,109 +1050,152 @@ frontend:
982
1050
name: Flow RTT
983
1051
component: number
984
1052
hint: Specify a TCP smoothed Round Trip Time in nanoseconds.
1053
+
- id: network_events
1054
+
name: Network events flow monitoring
1055
+
component: text
1056
+
hint: Specify a single network event.
985
1057
fields:
986
1058
- name: TimeFlowStartMs
987
1059
type: number
988
1060
description: Start timestamp of this flow, in milliseconds
1061
+
cardinalityWarn: avoid
989
1062
- name: TimeFlowEndMs
990
1063
type: number
991
1064
description: End timestamp of this flow, in milliseconds
1065
+
cardinalityWarn: avoid
992
1066
- name: TimeReceived
993
1067
type: number
994
1068
description: Timestamp when this flow was received and processed by the flow collector, in seconds
1069
+
cardinalityWarn: avoid
995
1070
- name: SrcK8S_Name
996
1071
type: string
997
1072
description: Name of the source Kubernetes object, such as Pod name, Service name or Node name.
1073
+
cardinalityWarn: careful
998
1074
- name: SrcK8S_Type
999
1075
type: string
1000
1076
description: Kind of the source Kubernetes object, such as Pod, Service or Node.
1001
1077
lokiLabel: true
1078
+
cardinalityWarn: fine
1002
1079
- name: SrcK8S_OwnerName
1003
1080
type: string
1004
1081
description: Name of the source owner, such as Deployment name, StatefulSet name, etc.
1005
1082
lokiLabel: true
1083
+
cardinalityWarn: fine
1006
1084
- name: SrcK8S_OwnerType
1007
1085
type: string
1008
1086
description: Kind of the source owner, such as Deployment, StatefulSet, etc.
1087
+
cardinalityWarn: fine
1009
1088
- name: SrcK8S_Namespace
1010
1089
type: string
1011
1090
description: Source namespace
1012
1091
lokiLabel: true
1092
+
cardinalityWarn: fine
1013
1093
- name: SrcAddr
1014
1094
type: string
1015
1095
description: Source IP address (ipv4 or ipv6)
1096
+
cardinalityWarn: avoid
1016
1097
- name: SrcPort
1017
1098
type: number
1018
1099
description: Source port
1100
+
cardinalityWarn: careful
1019
1101
- name: SrcMac
1020
1102
type: string
1021
1103
description: Source MAC address
1104
+
cardinalityWarn: avoid
1022
1105
- name: SrcK8S_HostIP
1023
1106
type: string
1024
1107
description: Source node IP
1108
+
cardinalityWarn: fine
1025
1109
- name: SrcK8S_HostName
1026
1110
type: string
1027
1111
description: Source node name
1112
+
cardinalityWarn: fine
1028
1113
- name: SrcK8S_Zone
1029
1114
type: string
1030
1115
description: Source availability zone
1031
1116
lokiLabel: true
1117
+
cardinalityWarn: fine
1118
+
- name: SrcSubnetLabel
1119
+
type: string
1120
+
description: Source subnet label
1121
+
cardinalityWarn: fine
1032
1122
- name: DstK8S_Name
1033
1123
type: string
1034
1124
description: Name of the destination Kubernetes object, such as Pod name, Service name or Node name.
1125
+
cardinalityWarn: careful
1035
1126
- name: DstK8S_Type
1036
1127
type: string
1037
1128
description: Kind of the destination Kubernetes object, such as Pod, Service or Node.
1038
1129
lokiLabel: true
1130
+
cardinalityWarn: fine
1039
1131
- name: DstK8S_OwnerName
1040
1132
type: string
1041
1133
description: Name of the destination owner, such as Deployment name, StatefulSet name, etc.
1042
1134
lokiLabel: true
1135
+
cardinalityWarn: fine
1043
1136
- name: DstK8S_OwnerType
1044
1137
type: string
1045
1138
description: Kind of the destination owner, such as Deployment, StatefulSet, etc.
1139
+
cardinalityWarn: fine
1046
1140
- name: DstK8S_Namespace
1047
1141
type: string
1048
1142
description: Destination namespace
1049
1143
lokiLabel: true
1144
+
cardinalityWarn: fine
1050
1145
- name: DstAddr
1051
1146
type: string
1052
1147
description: Destination IP address (ipv4 or ipv6)
1148
+
cardinalityWarn: avoid
1053
1149
- name: DstPort
1054
1150
type: number
1055
1151
description: Destination port
1152
+
cardinalityWarn: careful
1056
1153
- name: DstMac
1057
1154
type: string
1058
1155
description: Destination MAC address
1156
+
cardinalityWarn: avoid
1059
1157
- name: DstK8S_HostIP
1060
1158
type: string
1061
1159
description: Destination node IP
1160
+
cardinalityWarn: fine
1062
1161
- name: DstK8S_HostName
1063
1162
type: string
1064
1163
description: Destination node name
1164
+
cardinalityWarn: fine
1065
1165
- name: DstK8S_Zone
1066
1166
type: string
1067
1167
description: Destination availability zone
1068
1168
lokiLabel: true
1169
+
cardinalityWarn: fine
1170
+
- name: DstSubnetLabel
1171
+
type: string
1172
+
description: Destination subnet label
1173
+
cardinalityWarn: fine
1069
1174
- name: K8S_FlowLayer
1070
1175
type: string
1071
1176
description: "Flow layer: 'app' or 'infra'"
1177
+
cardinalityWarn: fine
1072
1178
- name: Proto
1073
1179
type: number
1074
1180
description: L4 protocol
1181
+
cardinalityWarn: fine
1075
1182
- name: Dscp
1076
1183
type: number
1077
1184
description: Differentiated Services Code Point (DSCP) value
1185
+
cardinalityWarn: fine
1078
1186
- name: IcmpType
1079
1187
type: number
1080
1188
description: ICMP type
1189
+
cardinalityWarn: fine
1081
1190
- name: IcmpCode
1082
1191
type: number
1083
1192
description: ICMP code
1193
+
cardinalityWarn: fine
1084
1194
- name: Duplicate
1085
1195
type: boolean
1086
1196
description: Indicates if this flow was also captured from another interface on the same host
1087
1197
lokiLabel: true
1198
+
cardinalityWarn: fine
1088
1199
- name: FlowDirection
1089
1200
type: number
1090
1201
description: |
@@ -1093,71 +1204,95 @@ frontend:
1093
1204
- 1: Egress (outgoing traffic, from the node observation point) +
1094
1205
- 2: Inner (with the same source and destination node)
1095
1206
lokiLabel: true
1207
+
cardinalityWarn: fine
1096
1208
- name: IfDirections
1097
1209
type: number
1098
1210
description: |
1099
1211
Flow directions from the network interface observation point. Can be one of: +
1100
1212
- 0: Ingress (interface incoming traffic) +
1101
1213
- 1: Egress (interface outgoing traffic)
1214
+
cardinalityWarn: fine
1102
1215
- name: Interfaces
1103
1216
type: string
1104
1217
description: Network interfaces
1218
+
cardinalityWarn: careful
1105
1219
- name: Flags
1106
1220
type: number
1107
1221
description: |
1108
1222
Logical OR combination of unique TCP flags comprised in the flow, as per RFC-9293, with additional custom flags to represent the following per-packet combinations: +
1109
1223
- SYN+ACK (0x100) +
1110
1224
- FIN+ACK (0x200) +
1111
1225
- RST+ACK (0x400)
1226
+
cardinalityWarn: fine
1112
1227
- name: Bytes
1113
1228
type: number
1114
1229
description: Number of bytes
1230
+
cardinalityWarn: avoid
1115
1231
- name: Packets
1116
1232
type: number
1117
1233
description: Number of packets
1234
+
cardinalityWarn: avoid
1118
1235
- name: PktDropBytes
1119
1236
type: number
1120
1237
description: Number of bytes dropped by the kernel
1238
+
cardinalityWarn: avoid
1121
1239
- name: PktDropPackets
1122
1240
type: number
1123
1241
description: Number of packets dropped by the kernel
1242
+
cardinalityWarn: avoid
1124
1243
- name: PktDropLatestState
1125
1244
type: string
1126
1245
description: TCP state on last dropped packet
1127
1246
filter: pkt_drop_state # couldn't guess from config
1247
+
cardinalityWarn: fine
1128
1248
- name: PktDropLatestDropCause
1129
1249
type: string
1130
1250
description: Latest drop cause
1131
1251
filter: pkt_drop_cause # couldn't guess from config
1252
+
cardinalityWarn: fine
1132
1253
- name: PktDropLatestFlags
1133
1254
type: number
1134
1255
description: TCP flags on last dropped packet
1256
+
cardinalityWarn: fine
1135
1257
- name: DnsId
1136
1258
type: number
1137
1259
description: DNS record id
1260
+
cardinalityWarn: avoid
1138
1261
- name: DnsLatencyMs
1139
1262
type: number
1140
1263
description: Time between a DNS request and response, in milliseconds
1264
+
cardinalityWarn: avoid
1141
1265
- name: DnsFlags
1142
1266
type: number
1143
1267
description: DNS flags for DNS record
1268
+
cardinalityWarn: fine
1144
1269
- name: DnsFlagsResponseCode
1145
1270
type: string
1146
1271
description: Parsed DNS header RCODEs name
1272
+
cardinalityWarn: fine
1147
1273
- name: DnsErrno
1148
1274
type: number
1149
1275
description: Error number returned from DNS tracker ebpf hook function
1276
+
cardinalityWarn: fine
1150
1277
- name: TimeFlowRttNs
1151
1278
type: number
1152
1279
description: TCP Smoothed Round Trip Time (SRTT), in nanoseconds
1280
+
cardinalityWarn: avoid
1281
+
- name: NetworkEvents
1282
+
type: string
1283
+
description: Network events flow monitoring
1284
+
cardinalityWarn: avoid
1153
1285
- name: K8S_ClusterName
1154
1286
type: string
1155
1287
description: Cluster name or identifier
1156
1288
lokiLabel: true
1289
+
cardinalityWarn: fine
1157
1290
- name: _RecordType
1158
1291
type: string
1159
1292
description: "Type of record: 'flowLog' for regular flow logs, or 'newConnection', 'heartbeat', 'endConnection' for conversation tracking"
1160
1293
lokiLabel: true
1294
+
cardinalityWarn: fine
1161
1295
- name: _HashId
1162
1296
type: string
1163
1297
description: In conversation tracking, the conversation identifier
0 commit comments