Flow Record Fields
From Observer GigaFlow Support | VIAVI Solutions Inc.
All GigaFlow flow records contain 29 fields or table columns. In the myipfix database associated with the GigaFlow installation, the netflow tables contain all flow records. These are:
| Record Field | Type | Description |
| customerid | integer | The traffic group source identifier |
| device | numeric(39,0) | The numeric IPV6 address of the device sending us the flowsyslog records |
| engineid | integer | Used to store the traffic group destination identifier |
| srcadd | numeric(39,0) | Store the numeric IPV6 address of the source for the traffic in this record |
| dstadd | numeric(39,0) | Store the numeric IPV6 address of the destination for the traffic in this record |
| nexthop | numeric(39,0) | Store the numeric IPV6 address of the nexthop for the traffic in this record |
| inif | integer | SNMP ifindex of the input interface that seen the traffic for this flow |
| outif | integer | SNMP ifindex of the output interface that seen the traffic for this flow |
| pkts | bigint | Number of packets transmitted in this flow |
| bytes | bigint | Number of octetsbytes transmitted in this flow |
| firstseen | bigint | Millisecond timestamp of when this flow started |
| duration | bigint | Millisecond duration of this flow |
| srcport | integer | Source port number for traffic in this flow record |
| dstport | integer | Destination port number for traffic in this flow record |
| flags | integer | TCP Flags as an Integer value |
| proto | integer | IP Protocol number for this flow record |
| tos | integer | IP TOSCOS value for this flow record |
| appid | integer | Flowsec assigned application id, out of this box this would be the lowest of srcdst port number |
| srcas | integer | Source AS number used for this flow |
| dstas | integer | Destination AS number used for this flow |
| userid | text | COLLATE pg_catalog."default" User ID for this flow, may be as sent or inferred from other sources |
| userdomain | text | COLLATE pg_catalog."default" User Domain for this flow, may be as sent or inferred from other sources |
| srcmac | bigint | Source MAC address (java long value), either as supplied or inferred from other sources |
| dstmac | bigint | Destination MAC address (java long value), either as supplied or inferred from other sources |
| postureid | integer | Marking to indicate this flow is of interest (due to blacklist or profiling problems) |
| spare | integer | Used to store the first packet response value. -1=unset, -2=no response in scope |
| url | text | COLLATE pg_catalog."default" Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data |
| fwextcode | integer | Additional field used to identify traffic (from Cisco NSEL) |
| fwevent | integer | Additional field used to identify events(from Cisco NSEL) |