Aggregator Telemetry - Type 2

The Type 2 Aggregator extends the edge-focused visibility of Type 1 by adding greater context to each data record, enabling deeper analysis without significantly increasing data volume. In addition to application, protocol, and local endpoint dimensions, it incorporates the remote (other) IP and IP protocol, along with a flow count metric to capture connection activity.

This makes it well-suited for environments such as enterprise LANs and last-mile networks where operators need to understand not just usage, but also peer Internet IPs, communication patterns, and connection behavior.

Data Profile

Dimensions

Application
Protocol
Local IP
Local MAC
Other IP
IP protocol

Metrics

Local bytes
Other bytes
Packets
Flow count

Criteria

Excludes NATed flows

Requirements

Install and configure the Netify Agent
Install and configure a Sink Plugin for receiving the telemetry
Install and configure the Aggregator Plugin
- Set the aggregator property to 2
- Modify the Sink Configuration

Source: Aggregator Plugin
Plugin Release: 1.0.16

Attributes

Please review the direction conventions documentation for context on local vs other metrics.

Timestamps

log_time_start

integer

Unix epoch timestamp (seconds) for the beginning of the aggregation interval.

log_time_end

integer

Unix epoch timestamp (seconds) for the end of the aggregation interval.

Dimensions

local_mac

string

Local endpoint MAC address. Omitted when privacy mode is enabled.

local_ip

string

Local endpoint IP address. Omitted when privacy mode is enabled.

other_ip

string

Other endpoint IP address.

application_id

string

Legacy Netify application identifier with both the ID and tag.

protocol_id

integer

Netify protocol ID.

ip_protocol

integer

IANA IP protocol number (for example: 6 for TCP, 17 for UDP).

Metrics

local_bytes

integer

Total bytes sent from the local endpoint.

other_bytes

integer

Total bytes sent from the other endpoint.

packets

integer

Total packet count.

flow_count

integer

Number of flows.

Example Data

The aggregator formats are available in two different formats. The flat format is well suited for importing into databases, creating CSVs, and managing other row-based solutions. The nested format is well suited for cache keys, internal data structures in memory, and other key-based solutions.

Aggregator 2 - Flat Mode

{
  "log_time_end": 1774715044,
  "log_time_start": 1774715039,
  "stats": [
    {
      "application_id": "156.netify.spotify",
      "flow_count": 2,
      "ip_protocol": 6,
      "local_bytes": 17955,
      "local_ip": "192.168.88.115",
      "local_mac": "c2:54:46:ae:90:ab",
      "other_bytes": 967921,
      "other_ip": "151.101.126.250",
      "packets": 877,
      "protocol_id": 196
    },
    ...
  ]
}

Aggregator 2 - Nested Mode

{
  "log_time_end": 1774715044,
  "log_time_start": 1774715039,
  "stats": {
    "c2:54:46:ae:90:ab": {
      "192.168.88.115": {
        "151.101.126.250": {
          "156.netify.spotify": {
            "196": {
              "flow_count": 2,
              "ip_protocol": 6,
              "local_bytes": 17955,
              "other_bytes": 967921,
              "packets": 877
            }
          }
        },
        "23.43.242.147": {
          "156.netify.spotify": {
            "196": {
              "flow_count": 2,
              "ip_protocol": 6,
              "local_bytes": 11185,
              "other_bytes": 674255,
              "packets": 614
            }
          }
        }
      }
    },
    ...
  }
}