Netify Netify logo Contact Us
Products Resources Documentation Blog Sign In

Aggregator Telemetry - Type 3

The Type 3 Aggregator provides a condensed flow summary that includes IPs, MACs, byte counters, and packet counters, along with the application and protocol. The record includes the other_port (typically a remote port) but omits the local_port (typically ephemeral).

Data Profile

Dimensions

  • Application
  • Protocol
  • Network interface
  • IP protocol
  • IP version
  • Local origin
  • Local IP
  • Local MAC
  • Other IP
  • Other MAC
  • Other type

Metrics

  • Download bytes
  • Upload bytes
  • Packets
  • Flow digest list

Criteria

  • Excludes NATed flows

Requirements

Source
Aggregator Plugin
Plugin Release
1.0.55

Attributes

Please review the direction conventions documentation for context on local vs other metrics.

Dimensions

detected_application

integer
Netify application ID.

detected_application_name

string
Netify application tag.

detected_protocol

integer
Netify protocol ID.

detected_protocol_name

string
Human-readable name for the detected protocol.

interface

string
Interface name associated with the aggregated flows.

internal

boolean
Indicates whether flows are internal to the local network context.

ip_protocol

integer
IANA IP protocol number (for example: 6 for TCP, 17 for UDP).

ip_version

integer
IP version used by flows in the bucket.
Values:
4 6

local_origin

boolean
Indicates whether the local endpoint originated the flow direction/context.

local_ip

string
Local endpoint IP address. Omitted when privacy mode is enabled.

local_mac

string
Local endpoint MAC address. Omitted when privacy mode is enabled.

other_ip

string
Other endpoint IP address.

other_port

integer
Transport-layer port for the other endpoint.

other_type

string
Classification of the other endpoint
Values:
local remote broadcast multicast unsupported error unknown

Metrics

local_bytes

integer
Total bytes sent from the local endpoint.

other_bytes

integer
Total bytes sent from the other endpoint.

packets

integer
Total packet count.

digests

array[string]
List of flow digest identifiers included in this aggregation bucket.

Example Data

The aggregator formats are available in two different formats. The flat format is well suited for importing into databases, creating CSVs, and managing other row-based solutions. The nested format is well suited for cache keys, internal data structures in memory, and other key-based solutions.

Aggregator 3 - Flat Mode

{
 "detected_application": 10033,
 "detected_application_name": "netify.netify",
 "detected_protocol": 196,
 "detected_protocol_name": "HTTP/S",
 "digests": [
   "5dd5bb2c827c677ee3f904d40ee0b0ce512234b8"
 ],
 "interface": "wlp1s0",
 "internal": true,
 "ip_protocol": 6,
 "ip_version": 4,
 "local_bytes": 3095,
 "local_ip": "192.168.1.100",
 "local_mac": "00:00:00:00:00:00",
 "local_origin": true,
 "other_bytes": 457,
 "other_ip": "148.113.141.168",
 "other_port": 443,
 "other_type": "remote",
 "packets": 8
},
{
 "detected_application": 10910,
 "detected_application_name": "netify.google-chat",
 "detected_protocol": 188,
 "detected_protocol_name": "QUIC",
 "digests": [
   "e5cf8332d97ff2f5d8e4a455e5c8e02a4895d8a8"
 ],
 "interface": "wlp1s0",
 "internal": true,
 "ip_protocol": 17,
 "ip_version": 4,
 "local_bytes": 426,
 "local_ip": "192.168.1.101",
 "local_mac": "11:11:1b:11:11:11",
 "local_origin": true,
 "other_bytes": 476,
 "other_ip": "142.251.40.206",
 "other_port": 443,
 "other_type": "remote",
 "packets": 13
}