Description and usage of ParseNetflowv5 processor:

Parses netflowv5 byte ingest and add to NiFi flowfile as attributes or JSON content.

Tags:

network, netflow, attributes, datagram, v5, packet, byte

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values.

Name

Default Value

Allowable Values

Description

Parsed fields destination

flowfile-content * flowfile-content 
* flowfile-attribute 
Indicates whether the results of the parser are written to the FlowFile content or a FlowFile attribute; if using flowfile-attribute, fields will be populated as attributes. If set to flowfile-content, the netflowv5 field will be converted into a flat JSON object.

Relationships:

Name

Description

success Any FlowFile that is successfully parsed as a netflowv5 data will be transferred to this Relationship.
failure Any FlowFile that could not be parsed as a netflowv5 message will be transferred to this Relationship without any attributes being added
original The original raw content

Reads Attributes:

Name

Description

udp.port Optionally read if packets are received from UDP datagrams.

Writes Attributes:

Name

Description

netflowv5.header.* The key and value generated by the parsing of the header fields.
netflowv5.record.* The key and value generated by the parsing of the record fields.

State management:

This component does not store state.

Restricted:

This component is not restricted.

Input requirement:

This component requires an incoming relationship.

System Resource Considerations:

None specified.

Summary:

Netflowv5Parser processor parses the ingress netflowv5 datagram format and transfers it either as flowfile attributes or JSON object. Netflowv5 format has predefined schema named “template” for parsing the netflowv5 record. More information: RFC-netflowv5

Netflowv5 JSON Output Schema

{
  "port": int,
  "format": string,
  "header": {
    "version": int,
    "count": int,
    "sys_uptime": long,
    "unix_secs": long,
    "unix_nsecs": long,
    "flow_sequence": long,
    "engine_type": short,
    "engine_id": short,
    "sampling_interval": int
 },
  "record": {
   "srcaddr": string,
   "dstaddr": string,
   "nexthop": string,
   "input": int,
   "output": int,
   "dPkts": long,
   "dOctets": long,
   "first": long,
   "last": long,
   "srcport": int,
   "dstport": int,
   "pad1": short,
   "tcp_flags": short,
   "prot": short,
   "tos": short,
   "src_as": int,
   "dst_as": int,
   "src_mask": short,
   "dst_mask": short,
   "pad2": int
 }
}