Aggregator Telemetry - Type 3
The Type 3 Aggregator provides a condensed flow summary that includes IPs, MACs, byte counters and packet counters, along with the application and protocol. The record includes the other_port (typically a remote port) but omits the local_port (typically ephemeral).
Requirements
Aggregator Type 3 telemetry was introduced in the Aggregator Plugin in version 1.0.55. To begin streaming the telemetry:
- Install and configure the Netify Agent
- Install and configure a Sink Plugin for receiving the telemetry
- Install and configure the Aggregator Plugin
- Set the aggregator property to 3
- Modify the Sink Configuration
- Source
- Aggregator Plugin
- Plugin Release
- 1.0.55
Flat vs. Nested Formats
The aggregator formats are available in two different formats. The flat format is well suited for importing into databases, creating CSVs, and managing other row-based solutions. The nested format is well suited for cache keys, internal data structures in memory, and other key-based solutions.
Flat
{
"key1": "key value1",
"key2": "key value2",
"key3": "key value3",
"data1": "aggregate data1",
"data2": "aggregate data2",
"data3": "aggregate data3"
}Nested
{
"key value1": {
"key value2": {
"key value3": {
"data1": "aggregate data1",
"data2": "aggregate data2",
"data3": "aggregate data3"
}
}
}
}Attributes
Please review the upload/download conventions documentation for context on local and other prefixes.
detected_application
integerdetected_application_name
stringdetected_protocol
integerdetected_protocol_name
stringdigests
array[string]interface
stringinternal
booleanip_protocol
integerip_version
integerlocal_bytes
integerother_bytes
integerpackets
integerlocal_origin
booleanlocal_ip
stringlocal_mac
stringother_ip
stringother_port
integerother_type
stringPrivacy Mode Disabled (false)
{
"detected_application": 10033,
"detected_application_name": "netify.netify",
"detected_protocol": 196,
"detected_protocol_name": "HTTP/S",
"digests": [
"5dd5bb2c827c677ee3f904d40ee0b0ce512234b8"
],
"interface": "wlp1s0",
"internal": true,
"ip_protocol": 6,
"ip_version": 4,
"local_bytes": 3095,
"local_ip": "192.168.1.100",
"local_mac": "00:00:00:00:00:00",
"local_origin": true,
"other_bytes": 457,
"other_ip": "148.113.141.168",
"other_port": 443,
"other_type": "remote",
"packets": 8
},
{
"detected_application": 10910,
"detected_application_name": "netify.google-chat",
"detected_protocol": 188,
"detected_protocol_name": "QUIC",
"digests": [
"e5cf8332d97ff2f5d8e4a455e5c8e02a4895d8a8"
],
"interface": "wlp1s0",
"internal": true,
"ip_protocol": 17,
"ip_version": 4,
"local_bytes": 426,
"local_ip": "192.168.1.101",
"local_mac": "11:11:1b:11:11:11",
"local_origin": true,
"other_bytes": 476,
"other_ip": "142.251.40.206",
"other_port": 443,
"other_type": "remote",
"packets": 13
}Privacy Mode Enabled (true)
{
"detected_application": 10036,
"detected_application_name": "netify.internal-network",
"detected_protocol": 8,
"detected_protocol_name": "MDNS",
"digests": [
"0ff27788cfb55f7e103d20a55f6bd33664dbf68d"
],
"interface": "wlp1s0",
"internal": true,
"ip_protocol": 17,
"ip_version": 4,
"local_bytes": 440,
"local_origin": true,
"other_bytes": 0,
"other_ip": "224.0.0.251",
"other_port": 5353,
"other_type": "multicast",
"packets": 1
},
{
"detected_application": 10017,
"detected_application_name": "netify.outlook",
"detected_protocol": 188,
"detected_protocol_name": "QUIC",
"digests": [
"fa3c6efb48ebec5835b83f35090772118efcbf9d"
],
"interface": "wlp1s0",
"internal": true,
"ip_protocol": 17,
"ip_version": 4,
"local_bytes": 3443,
"local_origin": true,
"other_bytes": 2050,
"other_ip": "52.96.165.210",
"other_port": 443,
"other_type": "remote",
"packets": 20
}