Normalized sFlow fields
sFlow is a technology for monitoring traffic in data networks that have switches and routers. sFlow also know as sampled flow used mandatory sampling technology to collect traffics data and to achieve scalability.
sFlow operates by regularly polling interface counters and sampling traffic on a switch or router. This data is forwarded to a dedicated workstation for analysis.
| Normalized NetFlow field | sFlow field | Description |
|---|---|---|
exporterIp |
sender.address |
|
version |
version |
|
pktSeqNum |
flow_sample.pktseqno |
Flow Sample Header - Sequence Number |
flowRecordType |
flowrecordtype |
Flow Record Type |
flowSeqNum |
flow_sample.sequence_number |
Flow record - Sample Sequence number |
sysUptime |
sysuptime |
|
exportMs |
timestamp |
|
startMs |
timestamp |
|
endMs |
timestamp |
|
protocolId |
sample_ipv4.protocol |
flow.rec.dcd_ipProtocol |
tcpBits |
sampled_ipv4.tcp_flags |
flow.rec.dcd_tcpFlags |
rawSrcTos |
sampled_ipv4.tos |
flow.rec.dcd_ipTos |
srcPort |
sampled_ipv4.src_port |
flow.rec.dcd_sport |
dstPort |
sampled_ipv4.dst_port |
flow.rec.dcd_dport |
inIfId |
flow_sample.input |
flow.rec.inputport |
outIfId |
flow_sample.output |
flow.rec.outputport |
direction |
valuebyte(0) |
valuebyte(0) |
inOctets |
pkt.flow.bytes |
pkt.flow.bytes |
inPackets |
pkt.flow.frames |
pkt.flow.frames |
nextHopIp |
extended_router.nexthop |
flow.rec.nextHop |
bgpNextHopIp |
extended_gateway.nexthop |
flow.rec.bgpNextHop |
bgpSrcAsNum |
extended_gateway.src_as |
flow.rec.src_as |
bgpDstAsNum |
extended_gateway.src_peer_as |
flow.rec.src_peer_as |
srcIp |
sampled_ipv4.src_ip |
flow.rec.ipsrc |
dstIp |
sampled_ipv4.dst_ip |
flow.rec.ipdst |
srcMask |
extended_router.src_mask_len |
flow.rec.srcMask |
dstMask |
extended_router.dst_mask_len |
flow.rec.dstMask |