Description and usage of ParseNetflowv5 processor:
Parses netflowv5 byte ingest and add to NiFi flowfile as attributes or JSON content.
Tags:
network, netflow, attributes, datagram, v5, packet, byte
Properties:
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values.
Name |
Default Value |
Allowable Values |
Description |
Parsed fields destination |
flowfile-content |
* flowfile-content * flowfile-attribute |
Indicates whether the results of the parser are written to the FlowFile content or a FlowFile attribute; if using flowfile-attribute, fields will be populated as attributes. If set to flowfile-content, the netflowv5 field will be converted into a flat JSON object. |
Relationships:
Name |
Description |
success | Any FlowFile that is successfully parsed as a netflowv5 data will be transferred to this Relationship. |
failure | Any FlowFile that could not be parsed as a netflowv5 message will be transferred to this Relationship without any attributes being added |
original | The original raw content |
Reads Attributes:
Name |
Description |
udp.port | Optionally read if packets are received from UDP datagrams. |
Writes Attributes:
Name |
Description |
netflowv5.header.* | The key and value generated by the parsing of the header fields. |
netflowv5.record.* | The key and value generated by the parsing of the record fields. |
State management:
This component does not store state.
Restricted:
This component is not restricted.
Input requirement:
This component requires an incoming relationship.
System Resource Considerations:
None specified.
Summary:
Netflowv5Parser processor parses the ingress netflowv5 datagram format and transfers it either as flowfile attributes or JSON object. Netflowv5 format has predefined schema named “template” for parsing the netflowv5 record. More information: RFC-netflowv5
Netflowv5 JSON Output Schema
{
"port": int,
"format": string,
"header": {
"version": int,
"count": int,
"sys_uptime": long,
"unix_secs": long,
"unix_nsecs": long,
"flow_sequence": long,
"engine_type": short,
"engine_id": short,
"sampling_interval": int
},
"record": {
"srcaddr": string,
"dstaddr": string,
"nexthop": string,
"input": int,
"output": int,
"dPkts": long,
"dOctets": long,
"first": long,
"last": long,
"srcport": int,
"dstport": int,
"pad1": short,
"tcp_flags": short,
"prot": short,
"tos": short,
"src_as": int,
"dst_as": int,
"src_mask": short,
"dst_mask": short,
"pad2": int
}
}