Netify Netify logo Contact Us
Products Resources Documentation Blog Sign In

Flow Purge Telemetry

The Flow Purge telemetry is emitted when a tracked flow is removed from the engine, typically after normal connection closure (TCP), inactivity timeout, or internal purge conditions. It captures final flow counters and end-state details at the point the flow leaves active tracking.

Use this record for post-session analysis, accounting, and flow lifecycle validation. Comparing purge records with periodic Flow Stats Telemetry updates helps explain why sessions ended and whether termination behavior aligns with network expectations.

Requirements

  • Install and configure the Netify Agent
  • Install and configure a Sink Plugin for receiving the telemetry
  • Install and configure the Core Plugin and add stream-flows to types
Source
Core Plugin
Plugin Release
1.0.20

Attributes

flow

object
Container for final per-flow statistics at purge time.

flow.detection_packets

integer
Number of packets used for application/protocol detection.

flow.digest

string
Current flow digest identifier.

flow.digest_prev

array
List of previous digest identifiers associated with the flow.

flow.last_seen_at

integer
Timestamp in Unix epoch milliseconds when the flow was last observed.

flow.local_bytes

integer
Bytes sent from the local endpoint.

flow.local_packets

integer
Packets sent from the local endpoint.

flow.local_rate

integer
Final local transmit rate for the flow.

flow.other_bytes

integer
Bytes sent from the remote endpoint.

flow.other_packets

integer
Packets sent from the remote endpoint.

flow.other_rate

integer
Final remote transmit rate for the flow.

flow.tcp

object
TCP health and error counters. Omitted for non-TCP flows.

flow.tcp.resets

integer
Count of observed TCP reset packets for the flow.

flow.tcp.retrans

integer
Count of observed TCP retransmissions for the flow.

flow.tcp.seq_errors

integer
Count of TCP sequence anomalies for the flow.

flow.total_bytes

integer
Total bytes seen for the flow in both directions.

flow.total_packets

integer
Total packets seen for the flow in both directions.

interface

string
Interface name associated with the purged flow.

internal

boolean
Indicates whether the flow is internal to the local network context.

reason

string
Purge reason reported by the engine.
Values:
closed expired

type

string
Telemetry record type. Always flow_purge.

Flow Purge Attributes - Example

{
  "flow": {
    "detection_packets": 12,
    "digest": "fb69e87ed3b...",
    "digest_prev": [
      "d7fddd35cc27..."
    ],
    "last_seen_at": 1772665905392,
    "local_bytes": 0,
    "local_packets": 0,
    "local_rate": 387,
    "other_bytes": 0,
    "other_packets": 0,
    "other_rate": 300,
    "tcp": {
      "resets": 0,
      "retrans": 0,
      "seq_errors": 0
    },
    "total_bytes": 13968,
    "total_packets": 51
  },
  "interface": "wlp3s0",
  "internal": true,
  "reason": "closed",
  "type": "flow_purge"
}