These are the specifications for network flows format, used both internally and when exporting flows to Kafka.
The document is organized in two main categories: Labels and regular Fields. This distinction only matters when querying Loki. This is because Labels, unlike Fields, must be used in stream selectors.
If you are reading this specification as a reference for the Kafka export feature, you must treat all Labels and Fields as regualr fields and ignore any distinctions between them that are specific to Loki.
Optional
SrcK8S_Namespace: string
Source namespace
Optional
DstK8S_Namespace: string
Destination namespace
Optional
SrcK8S_OwnerName: string
Source owner, such as deployment, StatefulSet, etc.
Optional
DstK8S_OwnerName: string
Destination owner, such as deployment, StatefulSet, etc.
FlowDirection: see the following section, Enumeration: FlowDirection for more details.
Flow direction from the node observation point
Optional
_RecordType: RecordType
Type of record: 'flowLog' for regular flow logs, or 'allConnections', 'newConnection', 'heartbeat', 'endConnection' for conversation tracking
SrcAddr: string
Source IP address (ipv4 or ipv6)
DstAddr: string
Destination IP address (ipv4 or ipv6)
SrcMac: string
Source MAC address
DstMac: string
Destination MAC address
Optional
SrcK8S_Name: string
Name of the source matched Kubernetes object, such as Pod name, Service name, etc.
Optional
DstK8S_Name: string
Name of the destination matched Kubernetes object, such as Pod name, Service name, etc.
Optional
SrcK8S_Type: string
Kind of the source matched Kubernetes object, such as Pod, Service, etc.
Optional
DstK8S_Type: string
Kind of the destination matched Kubernetes object, such as Pod name, Service name, etc.
SrcPort: number
Source port
DstPort: number
Destination port
Optional
SrcK8S_OwnerType: string
Kind of the source Kubernetes owner, such as deployment, StatefulSet, etc.
Optional
DstK8S_OwnerType: string
Kind of the destination Kubernetes owner, such as deployment, StatefulSet, etc.
Optional
SrcK8S_HostIP: string
Source node IP
Optional
DstK8S_HostIP: string
Destination node IP
Optional
SrcK8S_HostName: string
Source node name
Optional
DstK8S_HostName: string
Destination node name
Proto: number
L4 protocol
Optional
Interface: string
Network interface
Packets: number
Number of packets in this flow
Optional
Packets_AB: number
In conversation tracking, A to B packets counter per conversation
Optional
Packets_BA: number
In conversation tracking, B to A packets counter per conversation
Bytes: number
Number of bytes in this flow
Optional
Bytes_AB: number
In conversation tracking, A to B bytes counter per conversation
Optional
Bytes_BA: number
In conversation tracking, B to A bytes counter per conversation
TimeFlowStartMs: number
Start timestamp of this flow, in milliseconds
TimeFlowEndMs: number
End timestamp of this flow, in milliseconds
TimeReceived: number
Timestamp when this flow was received and processed by the flow collector, in seconds
Optional
_HashId: string
In conversation tracking, the conversation identifier
Optional
_IsFirst: string
In conversation tracking, a flag identifying the first flow
Optional
numFlowLogs: number
In conversation tracking, a counter of flow logs per conversation