| iface:traffic_rxtx |
Sent (bytes_sent), Rcvd (bytes_rcvd) |
bps |
Bytes sent and received per interface |
| iface:packets_rxtx |
Sent (packets_sent), Rcvd (packets_rcvd) |
pps |
nil |
| iface:traffic_ip |
IPv6 (bytes_ipv6), IPv4 (bytes_ipv4) |
bps |
IPv4 and IPv6 bytes per interface |
| iface:flows |
Num. Flows (num_flows) |
number |
Number of active flows per interface |
| top:blacklist_v2:hits |
Num Hits (hits) |
number |
Number of blacklist hits |
| iface:new_flows |
Num. Flows (new_flows) |
number |
Number of new flows per interface |
| iface:remote2local |
Bytes (bytes) |
bps |
Bytes from remote to local per interface |
| iface:local2remote |
Bytes (bytes) |
bps |
Bytes from local to remote per interface |
| iface:alerted_flows |
Num. Flows (num_flows) |
number |
Number of alerted flows per interface |
| iface:hosts |
Num. Hosts (num_hosts) |
number |
Number of active hosts per interface |
| iface:engaged_alerts |
Engaged Alerts (engaged_alerts) |
number |
Number of engaged alerts per interface |
| iface:dropped_alerts |
Dropped Alerts (dropped_alerts) |
number |
Number of dropped alerts per interface |
| iface:devices |
Num. Devices (num_devices) |
number |
Number of active devices per interface |
| iface:http_hosts |
Num. Servers (num_hosts) |
number |
Number of active HTTP servers per interface |
| iface:traffic |
Traffic (bytes) |
bps |
Total traffic in bytes per interface |
| iface:packets |
Packets (packets) |
bps |
nil |
| iface:throughput_pps |
Throughput (pps) |
pps |
Throughput in packets per second per interface |
| iface:throughput_bps |
Throughput (bps) |
bps |
Throughput in bits per second per interface |
| iface:score |
Score as Server (srv_score), Score as Client (cli_score) |
number |
Client and server score per interface |
| iface:packets_vs_drops |
Packets (packets), Drops (drops) |
number |
Packets vs drops per interface |
| iface:nfq_pct |
Queue Fill % (num_nfq_pct) |
percentage |
NFQ percentage per interface |
| iface:hosts_anomalies |
Remote Hosts Anomalies (num_rem_hosts_anom), Local Hosts Anomalies (num_loc_hosts_anom) |
number |
Local and remote host anomalies per interface |
| iface:disc_prob_bytes |
Drops (bytes) |
bps |
Discarded probing bytes per interface |
| iface:disc_prob_pkts |
Drops (packets) |
pps |
Discarded probing packets per interface |
| iface:dumped_flows |
Exported Flows (dumped_flows), Dropped Flows (dropped_flows) |
fps |
Dumped and dropped flows per interface |
| iface:zmq_recv_flows |
Collected ZMQ Flows (flows) |
number |
ZMQ received flows per interface |
| iface:zmq_flow_coll_drops |
Flow Collection Drops (drops) |
number |
ZMQ flow collector drops per interface |
| iface:zmq_flow_coll_udp_drops |
Collection Socket Drops (drops) |
number |
ZMQ flow collector UDP drops per interface |
| iface:tcp_stats |
TCP Retransmitted Packets (retransmissions), TCP Packets KeepAlive (keep_alive), TCP Packets Lost (lost), TCP Packets Out-Of-Order (out_of_order) |
number |
TCP Stats |
| iface:tcp_flags |
SYN Packets (syn), SYN+ACK Packets (syn_ack), FIN+ACK Packets (fin_ack), TCP RST Packets (rst) |
number |
TCP Flags per interface |
| iface:zmq_rcvd_msgs |
Rcvd Messages (msgs) |
number |
ZMQ messages received per interface |
| iface:zmq_msg_drops |
Dropped Messages (msgs) |
number |
ZMQ messages dropped per interface |
| host:traffic |
Sent (bytes_sent), Rcvd (bytes_rcvd) |
bps |
Bytes sent and received per host |
| host:packets |
Sent (packets_sent), Rcvd (packets_rcvd) |
pps |
nil |
| host:score |
Score as Client (score_as_cli), Score as Server (score_as_srv) |
number |
Client and server score per host |
| host:active_flows |
Flows As Server (flows_as_server), Flows As Client (flows_as_client) |
fps |
Number of active flows as client and server per host |
| host:total_flows |
Flows As Server (flows_as_server), Flows As Client (flows_as_client) |
fps |
Total flows as client and server per host |
| host:num_blacklisted_flows |
Flows As Server (flows_as_server), Flows As Client (flows_as_client) |
fps |
Blacklisted flows as client and server per host |
| host:alerted_flows |
Flows As Server (flows_as_server), Flows As Client (flows_as_client) |
fps |
Alerted flows as client and server per host |
| host:unreachable_flows |
Flows As Server (flows_as_server), Flows As Client (flows_as_client) |
fps |
Unreachable flows as client and server per host |
| host:host_unreachable_flows |
Flows As Server (flows_as_server), Flows As Client (flows_as_client) |
fps |
Host-unreachable flows as client and server per host |
| host:contacts |
As Server (num_as_server), As Client (num_as_clients) |
fps |
Contacts as client and server per host |
| host:contacts_behaviour |
Lower Bound (lower_bound), Upper Bound (upper_bound), Score (value) |
number |
Host contacts behaviour per host |
| host:total_alerts |
TCP RST Packets (alerts) |
number |
Alerts per host |
| host:engaged_alerts |
TCP RST Packets (alerts) |
number |
Engaged alerts per host |
| host:dns_qry_sent_rsp_rcvd |
Ok Pkts. (replies_ok_pkts), Error Pkts. (replies_error_pkts), Pkts. Queries (queries_pkts) |
number |
DNS query packets, OK replies and error replies received per host |
| host:dns_qry_rcvd_rsp_sent |
Ok Pkts. (replies_ok_pkts), Error Pkts. (replies_error_pkts), Pkts. Queries (queries_pkts) |
number |
DNS query packets, OK replies and error replies sent per host |
| host:tcp_rx_stats |
O. of O. Pkts (out_of_order_pkts) |
pps |
Retransmitted, out-of-order and lost TCP packets received per host |
| host:tcp_tx_stats |
O. of O. Pkts (out_of_order_pkts) |
pps |
Retransmitted, out-of-order and lost TCP packets sent per host |
| host:echo_reply_packets |
Sent (packets_sent), Rcvd (packets_rcvd) |
pps |
ICMP echo-reply packets sent and received per host |
| host:echo_packets |
Sent (packets_sent), Rcvd (packets_rcvd) |
pps |
ICMP echo-request packets sent and received per host |
| host:udp_sent_unicast |
Sent non Uni. (bytes_sent_non_uni), Sent Uni. (bytes_sent_unicast) |
bps |
UDP unicast vs non-unicast bytes per host |
| host:dscp |
Sent (bytes_sent), Rcvd (bytes_rcvd) |
bps |
DSCP class bytes sent and received per host |
| host:host_tcp_unidirectional_flows |
Flows As Server (flows_as_server), Flows As Client (flows_as_client) |
fps |
Unidirectional TCP flows as client and server per host |
| mac:traffic |
Sent (bytes_sent), Rcvd (bytes_rcvd) |
bps |
Bytes sent and received per MAC |
| subnet:traffic |
Inner (bytes_inner), Ingress (bytes_ingress), Egress (bytes_egress) |
bps |
Bytes egress, ingress and inner per subnet |
| subnet:broadcast_traffic |
Inner (bytes_inner), Ingress (bytes_ingress), Egress (bytes_egress) |
bps |
Broadcast bytes egress, ingress and inner per subnet |
| subnet:engaged_alerts |
Engaged Alerts (alerts) |
number |
Engaged alerts per subnet |
| subnet:score |
Score As Client (scoreAsClient), Score As Server (scoreAsServer), Score (score) |
number |
Score, as client and server per subnet |
| subnet:tcp_retransmissions |
Ingress Packets (packets_ingress), Egress Packets (packets_egress), Inner Packets (packets_inner) |
number |
TCP retransmitted packets ingress, egress and inner per subnet |
| subnet:tcp_out_of_order |
Ingress Packets (packets_ingress), Egress Packets (packets_egress), Inner Packets (packets_inner) |
number |
TCP out-of-order packets ingress, egress and inner per subnet |
| subnet:tcp_lost |
Ingress Packets (packets_ingress), Egress Packets (packets_egress), Inner Packets (packets_inner) |
number |
TCP lost packets ingress, egress and inner per subnet |
| subnet:tcp_keep_alive |
Ingress Packets (packets_ingress), Egress Packets (packets_egress), Inner Packets (packets_inner) |
number |
TCP keep-alive packets ingress, egress and inner per subnet |
| subnet:rtt |
RTT (millis_rtt) |
ms |
Round-trip time per subnet |
| asn:traffic |
Sent (bytes_sent), Rcvd (bytes_rcvd) |
bps |
Bytes sent and received per ASN |
| asn:rtt |
RTT (millis_rtt) |
ms |
Round-trip time per ASN |
| asn:traffic_sent |
Sent (bytes) |
bps |
Bytes sent per ASN |
| asn:traffic_rcvd |
Rcvd (bytes) |
bps |
Bytes received per ASN |
| asn:score |
Client Score (scoreAsClient), Server Score (scoreAsServer), Score (score) |
number |
Score per ASN (total, client and server score) |
| asn:tcp_retransmissions |
Sent (packets_sent), Rcvd (packets_rcvd) |
number |
TCP retransmitted packets sent and received per ASN |
| asn:tcp_keep_alive |
Sent (packets_sent), Rcvd (packets_rcvd) |
number |
TCP keep-alive packets sent and received per ASN |
| asn:tcp_out_of_order |
Sent (packets_sent), Rcvd (packets_rcvd) |
number |
TCP out-of-order packets sent and received per ASN |
| asn:tcp_lost |
Sent (packets_sent), Rcvd (packets_rcvd) |
number |
TCP lost packets sent and received per ASN |
| top:asn:traffic |
Bytes (bytes) |
bps |
Bytes sent and received per ASN |
| country:traffic |
Inner (bytes_inner), Ingress (bytes_ingress), Egress (bytes_egress) |
bps |
Bytes egress, ingress and inner per country |
| country:score |
Score As Client (scoreAsClient), Score As Server (scoreAsServer), Score (score) |
number |
Score per country (total, client and server score) |
| os:traffic |
Ingress (bytes_ingress), Egress (bytes_egress) |
bps |
Bytes sent and received per operating system |
| vlan:traffic |
Sent (bytes_sent), Rcvd (bytes_rcvd) |
bps |
Bytes sent and received per VLAN |
| vlan:score |
Score As Client (scoreAsClient), Score As Server (scoreAsServer), Score (score) |
number |
Score per VLAN (total, client and server score) |
| host_pool:traffic |
Sent (bytes_sent), Rcvd (bytes_rcvd) |
bps |
Bytes sent and received per host pool |
| host_pool:blocked_flows |
Num. Flows (num_flows) |
number |
Blocked flows per host pool |
| host_pool:hosts |
Num. Hosts (num_hosts) |
number |
Active hosts per host pool |
| host_pool:devices |
Num. Devices (num_devices) |
number |
Active devices per host pool |
| pod:num_flows |
Flows As Client (as_client), Flows As Server (as_server) |
fps |
Active flows as client and server per pod |
| pod:num_containers |
Num. Containers (num_containers) |
number |
Number of containers per pod |
| pod:rtt |
RTT as Client (as_client), RTT as Server (as_server) |
ms |
Round-trip time as client and server per pod |
| pod:rtt_variance |
Variance as Client (as_client), Variance as Server (as_server) |
ms |
RTT variance as client and server per pod |
| container:num_flows |
Flows As Client (as_client), Flows As Server (as_server) |
fps |
Active flows as client and server per container |
| container:rtt |
RTT as Client (as_client), RTT as Server (as_server) |
ms |
Round-trip time as client and server per container |
| container:rtt_variance |
Variance as Client (as_client), Variance as Server (as_server) |
ms |
RTT variance as client and server per container |
| ht:state |
active entries (num_active), idle entries (num_idle) |
percentage |
CPU load hash idle and active entries |
| ht:state |
active entries (num_active), idle entries (num_idle) |
number |
HostHash idle and active entries |
| ht:state |
active entries (num_active), idle entries (num_idle) |
number |
MacHash idle and active entries |
| ht:state |
active entries (num_active), idle entries (num_idle) |
number |
FlowHash idle and active entries |
| ht:state |
active entries (num_active), idle entries (num_idle) |
number |
AutonomousSystemHash idle and active entries |
| ht:state |
active entries (num_active), idle entries (num_idle) |
number |
ObservationPointHash idle and active entries |
| ht:state |
active entries (num_active), idle entries (num_idle) |
number |
VlanHash idle and active entries |
| system:cpu_states |
iowait (iowait_pct), active (active_pct), idle (idle_pct) |
percentage |
I/O wait, idle and active CPU percentage |
| process:resident_memory |
Bytes (resident_bytes) |
bytes |
Process resident memory in bytes |
| process:num_alerts |
Queries (alerts_queries), Dropped (dropped_alerts), Stored (written_alerts) |
alertps |
Process written, queried and dropped alerts |
| profile:traffic |
Bytes (bytes) |
bps |
Bytes per profile |
| redis:memory |
Bytes (resident_bytes) |
bytes |
Redis memory usage in bytes |
| redis:keys |
Keys (num_keys) |
number |
Number of Redis keys |
| redis:reads_writes_v2 |
Reads (num_reads), Writes (num_writes) |
number |
Redis read and write operations count |
| influxdb:storage_size |
Bytes (disk_bytes) |
bytes |
InfluxDB storage utilization in bytes |
| influxdb:memory_size |
Bytes (mem_bytes) |
bytes |
InfluxDB memory usage in bytes |
| influxdb:write_successes |
Num. Points (points) |
number |
InfluxDB write successes (points) |
| influxdb:exports |
Exports (num_exports) |
number |
Number of InfluxDB exports |
| influxdb:exported_points |
Num. Points (points) |
number |
Number of points exported by InfluxDB |
| influxdb:dropped_points |
Num. Points (points) |
number |
Number of points dropped by InfluxDB |
| influxdb:rtt |
Server Response Time ms (millis_rtt) |
ms |
InfluxDB round-trip time in milliseconds |