340
edits
Incidents: Difference between revisions
→Available attributes
| Line 166: | Line 166: | ||
** percent_transmissions: The amount of TCP retransmission as a percentage of the total bytes. | ** percent_transmissions: The amount of TCP retransmission as a percentage of the total bytes. | ||
** duration: The time between first and last packet of the flow. | ** duration: The time between first and last packet of the flow. | ||
* ip_flow_start | |||
** new_connections: The amount of newly created connections (TCP and UDP) for the given timespan. | |||
* ip_traffic | * ip_traffic | ||
** throughput: The throughput bandwidth in bit/s on average during the configured timespan. | ** throughput: The throughput bandwidth in bit/s on average during the configured timespan. | ||
| Line 172: | Line 174: | ||
** retransmission_ratio: The TCP retransmission ratio seen in the configured timespan. | ** retransmission_ratio: The TCP retransmission ratio seen in the configured timespan. | ||
** zero_window_packets: The number of zero window packets seen in the configured timespan. | ** zero_window_packets: The number of zero window packets seen in the configured timespan. | ||
** tcp_syn_packets: The number of TCP SYN packets (RX + TX) seen in the configured timespan. | |||
** tcp_fin_packets: The number of TCP FIN packets (RX + TX) seen in the configured timespan. | |||
** tcp_rst_packets: The number of TCP RST packets (RX + TX) seen in the configured timespan. | |||
* ip_new_local_ip | * ip_new_local_ip | ||
** since_start_time: This is number of seconds after packet processing start when the MAC address appeared. This is useful to only report new MAC address after some learning time. | ** since_start_time: This is number of seconds after packet processing start when the MAC address appeared. This is useful to only report new MAC address after some learning time. | ||