Aggregator Telemetry - Type 2

The Type 2 Aggregator summarizes flow activity by application, protocol, transport protocol, and remote endpoint while still supporting local host dimensions. It provides a practical middle ground between high-level usage totals and destination-aware telemetry.

Compared with Type 1, Type 2 adds ip_protocol, other_ip, and directional byte counters to improve troubleshooting and traffic profiling. When privacy mode is enabled, local_ip and local_mac are omitted, while the remaining dimensions continue to support trend and policy analysis.

Requirements

Aggregator Type 2 telemetry was introduced in the Aggregator Plugin in version 1.0.16. To begin streaming the telemetry:

Install and configure the Netify Agent
Install and configure a Sink Plugin for receiving the telemetry
Install and configure the Aggregator Plugin
- Set the aggregator property to 2
- Modify the Sink Configuration

Source: Aggregator Plugin
Plugin Release: 1.0.16

Flat vs. Nested Formats

The aggregator formats are available in two different formats. The flat format is well suited for importing into databases, creating CSVs, and managing other row-based solutions. The nested format is well suited for cache keys, internal data structures in memory, and other key-based solutions.

Flat

{
    "key1": "key value1",
    "key2": "key value2",
    "key3": "key value3",
    "data1": "aggregate data1",
    "data2": "aggregate data2",
    "data3": "aggregate data3"
}

Nested

{
    "key value1": {
        "key value2": {
            "key value3": {
                "data1": "aggregate data1",
                "data2": "aggregate data2",
                "data3": "aggregate data3"
            }
        }
    }
}

Attributes

Please review the upload/download conventions documentation for context on local and other prefixes.

application_id

string

Legacy Netify application identifier.

protocol_id

integer

Netify protocol ID.

ip_protocol

integer

IANA IP protocol number (for example: 6 for TCP, 17 for UDP).

flow_count

integer

Number of flows.

local_bytes

integer

Total bytes sent from the local endpoint.

other_bytes

integer

Total bytes sent from the other endpoint.

packets

integer

Total packet count.

other_ip

string

Other endpoint IP address.

local_ip

string

Local endpoint IP address. Omitted when privacy mode is enabled.

local_mac

string

Local endpoint MAC address. Omitted when privacy mode is enabled.

Privacy Mode Disabled (false)

{
    "application_id": "10310.netify.ubiquiti",
    "flow_count": 1,
    "ip_protocol": 17,
    "local_bytes": 204,
    "local_ip": "192.168.1.100",
    "local_mac": "00:00:00:00:00:00",
    "other_bytes": 0,
    "other_ip": "255.255.255.255",
    "packets": 1,
    "protocol_id": 31
},
{
    "application_id": "10017.netify.outlook",
    "flow_count": 1,
    "ip_protocol": 17,
    "local_bytes": 3639,
    "local_ip": "192.168.1.101",
    "local_mac": "11:11:11:11:11:11",
    "other_bytes": 2093,
    "other_ip": "52.96.165.210",
    "packets": 23,
    "protocol_id": 188
},

Privacy Mode Enabled (true)

{
    "application_id": "10256.netify.ubuntu",
    "flow_count": 1,
    "ip_protocol": 6,
    "local_bytes": 491,
    "other_bytes": 467,
    "other_ip": "185.125.190.48",
    "packets": 10,
    "protocol_id": 7
},
{
    "application_id": "126.netify.google",
    "flow_count": 1,
    "ip_protocol": 17,
    "local_bytes": 497,
    "other_bytes": 469,
    "other_ip": "142.250.176.202",
    "packets": 14,
    "protocol_id": 188
},