This section contains a reference for each of the database fields. There are used in JavaScript filters, and in the select and sort statements in advanced reports.
Depending on which database table a query is being run over,
different fields are available. Three tables are used:
flows, counters and
host counters. flows and
counters contain data from network switches,
while host counters contains data from
sFlow-enabled hosts. Also,
the fields available are keys,
values or time.
Keys represent aspects of the traffic being analysed (eg a source address), while values are associated with that traffic (eg frames transmitted). Value fields can be used in a database sort statement, to sort the column in the resulting table (note that the same field must be in the select statement before it can be used in the sort statement).
Additionally, there is one time field, which represents the time when traffic was observed.
The fields below are organised by database table, and by key, value and time.
This section documents the fields available when a query
is run over the flows table.
Table 16.1. Database key fields available for flows
| Term | Description | Type |
|---|---|---|
| Agent | ||
| A string representing the address of the sFlow agent where the traffic was observed | ||
| agent | sFlow agent IP address | string |
| IfIndex | ||
| An integer representing the ifIndex that the traffic was seen on | ||
| inputIfIndex | switch input interface | integer |
| Qualified interface | ||
| A string representing the agent and ifIndex, separated by '>' | ||
| inputInterface | qualified switch input interface | integer |
| ouputInterface | qualified output interface | integer |
| clientInterface | qualified interface associated with the client | integer |
| serverInterface | interface associated with the server | integer |
| MAC address | ||
| A string representing a MAC address in hex | ||
| macSource | source MAC address | string |
| macDestination | destination MAC address | string |
| macClient | client MAC address | string |
| macServer | server MAC address | string |
| IP address | ||
| A string representing an IP address in numeric notation | ||
| ipSource | source IP address | string |
| ipDestination | destination IP address | string |
| ipClient | client IP address | string |
| ipServer | server IP address | string |
| Highest layer address available | ||
| A string representing the highest layer address available | ||
| sourceAddress | source address (IP if available, otherwise MAC) | string |
| destinationAddress | destination address (IP if available, otherwise MAC) | string |
| serverAddress | server address (IP if available, otherwise MAC) | string |
| clientAddress | client address (IP if available, otherwise MAC) | string |
| UDP port | ||
| An integer representing the UDP port, or 0 if not UDP | ||
| udpSourcePort | UDP source port | integer |
| udpDestinationPort | UDP destination port | integer |
| udpClientPort | UDP client port | integer |
| udpServerPort | UDP server port | integer |
| TCP port | ||
| An integer representing the TCP port, or 0 if not TCP | ||
| tcpSourcePort | TCP source port | integer |
| tcpDestinationPort | TCP destination port | integer |
| tcpClientPort | TCP client port | integer |
| tcpServerTCP | TCP server port | integer |
| Highest layer 'port' available | ||
| A string with the protocol and the highest layer port (including ethertype) available, separated by ':' | ||
| sourcePort | source port (L4 port, L3 protocol or L2 ethertype) | string |
| destinationPort | destination port (L4 port, L3 protocol or L2 ethertype | string |
| clientPort | client port (L4 port, L3 protocol or L2 ethertype) | string |
| serverPort | server port (L4 port, L3 protocol or L2 ethertype) | string |
| VLAN | ||
| An integer representing the VLAN number (or 0, if no VLAN) | ||
| vlanSource | source VLAN | integer |
| vlanDestination | destination VLAN | integer |
| vlanClient | client VLAN | integer |
| vlanServer | server VLAN | integer |
| Priority | ||
| An integer representing the 802.1p priority | ||
| prioritySource | source (802.1p) priority | integer |
| priorityDestination | destination (802.1p) priority | integer |
| priorityClient | client (802.1p) priority | integer |
| priorityServer | server (802.1p) priority | integer |
| Other MAC attributes | ||
| Various other attributes of MAC traffic | ||
| ieee803SAP | IEEE 802 SAP | integer |
| Other IP attributes | ||
| Various other attributes of IP (0 if non-IP traffic) | ||
| ipTOS | IP type of service (TOS) | integer |
| ipTTL | IP time to live (TTL) | integer |
| ipProtocol | layer 4 protocol (eg 6 for TCP, 17 for UDP) | integer |
| icmpType | ICMP type | integer |
| Frame type | ||
| Boolean tests for type of traffic | ||
| isUnicast | true if a unicast destination | boolean |
| isMulticast | true if a multicast destination | boolean |
| isBroadcast | true if a broadcast destination | boolean |
| Non-directional fields | ||
| Special non-directional fields for select statements only (these fields cannot be used in filters) | ||
| inputOrOutputIfIndex | the input or output ifIndex | integer |
| inputOrOutputInterface | the input or output qualified interface | string |
| Routing information (not supported by all sFlow implementations) | ||
| If isRouted == true, then the other values will be valid | ||
| isRouted | true if this packet was routed | boolean |
| ipNextHopRouter | next hop address if this packet was routed | string |
| sourceMaskLength | number of bits in the source mask if this packet was routed | integer |
| destinationMaskLength | number of bits in the destination mask if this packet was routed | integer |
| Wireless information (not supported by all sFlow implementations) | ||
| If isWireless == true, then the other values will be valid | ||
| isWireless | true if this packet was send on a wireless network | boolean |
| wifiFrameControl | 802.11 frame control | integer |
| wifiReceiverAddress | 802.11 receiver address | string |
| wifiTransmitterAddress | 802.11 transmitter address | string |
| wifiCipher | 802.11 cipher suite | integer |
| wifiTxSSID | 802.11 transmit SSID | string |
| wifiTxBSSID | 802.11 transmit BSSID | string |
| wifiTxVersion | 802.11 version transmitted | integer |
| wifiTxFrames | 802.11 number of transmissions | integer |
| wifiTxDuration | 802.11 transmitted packet duration | integer |
| wifiRetransDuration | 802.11 retransmit duration | integer |
| wifiTxChannel | 802.11 transmit channel | integer |
| wifiTxSpeed | 802.11 transmit speed | integer |
| wifiTxPower | 802.11 transmit RSNI | integer |
| wifiRxSSID | 802.11 receive SSID | string |
| wifiRxBSSID | 802.11 receive BSSID | string |
| wifiRxVersion | 802.11 version received | integer |
| wifiRxChannel | 802.11 receive channel | integer |
| wifiRxSpeed | 802.11 receive speed | integer |
| wifiRSNI | 802.11 RSNI | integer |
| wifiRCPI | 802.11 RCPI | integer |
| wifiRxDuration | 802.11 received packet duration | integer |
| Non-directional wireless fields | ||
| Special non-directional fields for select statements only (these fields cannot be used in filters) | ||
| wifiVersion | 802.11 version for transmit or receive | integer |
| wifiSpeed | 802.11 speed for transmit or receive | integer |
| wifiSSID | 802.11 SSID for transmit or receive | string |
| wifiBSSID | 802.11 BSSID for transmit or receive | string |
| wifiDuration | 802.11 duration for transmit or receive | integer |
| wifiChannel | 802.11 channel for transmit or receive | integer |
Table 16.2. Database value fields available for flows
| Term | Description | Type |
|---|---|---|
| Bytes | ||
| Traffic byte count | ||
| bytesFromServer | Bytes sent from the server | integer |
| bytesToServer | Bytes sent to the server | integer |
| bytesIn | Bytes received. | integer |
| bytesOut | Bytes sent. | integer |
| bytesTotal | Total number of bytes | integer |
| Frames | ||
| Traffic byte count | ||
| framesFromServer | Frames sent from the server | integer |
| framesToServer | Frames sent to the server | integer |
| framesIn | Frames received. | integer |
| framesOut | Frames sent. | integer |
| framesTotal | Total number of frames | integer |
| TCP/IP flags | ||
| Various statistics from TCP/IP flags | ||
| synCount | The number of TCP/IP packets with SYN set | integer |
| synAckCount | The number of TCP/IP packets with both SYN and ACK set | integer |
This section documents the fields available when a query
is run over the counters table.
Table 16.3. Database key fields available for counters
| Term | Description | Type |
|---|---|---|
| Agent | ||
| A string representing the address of the sFlow agent where the traffic was observed | ||
| agent | sFlow agent IP address | string |
| IfIndex | ||
| An integer representing the ifIndex that the traffic was seen on | ||
| ifIndex | switch interface associated with the counters | integer |
| Qualified interface | ||
| A string representing the agent and ifIndex, separated by '>' | ||
| interface | qualified switch interface associated with the counters | integer |
Table 16.4. Database value fields available for counters
| Term | Description | Type |
|---|---|---|
| Interface counters | ||
| Standard interface counters | ||
| framesIn | The total of all non-error received frames | integer |
| framesOut | The total of all non-error transmitted frames | integer |
| ifInBroadcasts | Number of received broadcast frames | integer |
| ifOutBroadcasts | Number of transmitted broadcast frames | integer |
| ifInMulticasts | Number of received multicast frames | integer |
| ifOutMulticasts | Number of transmitted multicast frames | integer |
| ifInUcasts | Number of received unicast frames | integer |
| ifOutUcasts | Number of transmitted unicast frames | integer |
| ifInOctets | Number of received bytes | integer |
| ifOutOctets | Number of transmitted bytes | integer |
| ifInErrors | Number of received errors | integer |
| ifOutErrors | Number of transmitted errors | integer |
| ifInDiscards | Number of received discards | integer |
| ifOutDiscards | Number of transmitted discards | integer |
| ifInErrorsAndDiscards | The total of received errors and discards | integer |
| ifOutErrorsAndDiscards | The total of transmitted errors and discards | integer |
| utilizationIn | The ingress utilization | integer |
| utilizationOut | The egress utilization | integer |
| Interface status | ||
| Standard interface status | ||
| ifStatus | Bit 0: ifAdminStatus, bit 1: ifOperStatus | integer |
| ifType | The ifType (see IANAIfType) | integer |
| ifSpeed | The interface speed in bits/second | integer |
| ifDirection | 0 = unknown, 1 = full-duplex, 2 = half-duplex, 3 = in, 4 = out | integer |
| Basic wireless counters | ||
| Basic wireless counters (not supported by all sFlow implementations) | ||
| wifiAssociated | Number of associated stations | integer |
| wifiTxFragments | Number of transmitted fragments | integer |
| wifiTxMulticasts | Number of transmitted multicast frames | integer |
| wifiRxFragments | Number of received fragments | integer |
| wifiRxMulticasts | Number of received multicast frames | integer |
| wifiRetries | Number of retried frames | integer |
| wifiMultiRetries | Number of multiple retries | integer |
| wifiFailures | Number of failed frames | integer |
| wifiAckFailures | Number of acknowledgement failures | integer |
| wifiRTSFailures | Number of RTS failures | integer |
| wifiRTSSuccesses | Number of RTS successes | integer |
| wifiFCSErrors | Number of FCS errors | integer |
| wifiDuplicates | Number of duplicate frames | integer |
| wifiWEPUndecryptable | Number of undecryptable frames | integer |
| Time-based wireless counters | ||
| Channel time wireless counters (not supported by all sFlow implementations) | ||
| wifiElapsedTime | Total elapsed time in ms | integer |
| wifiOnChannelTime | Total time spent on channel in ms | integer |
| wifiOnChannelBusyTime | Busy time spent on channel in ms | integer |
| QoS wireless counters | ||
| Quality of service wireless counters (not supported by all sFlow implementations) | ||
| wifiQoSCFRx | Number of CF frames received | integer |
| wifiQoSCFLost | Number of CF frames lost | integer |
| wifiQoSCFUnusable | Number of CF frames unusable | integer |
| wifiQoSCFUnused | Number of CF frames unused | integer |
| wifiQoSDiscards | Number of discarded frames | integer |
This section documents the fields available when a query
is run over the hosts table.
Table 16.5. Database key fields available for host counters
| Term | Description | Type |
|---|---|---|
| Agent | ||
| A string representing the address of the sFlow agent for the host | ||
| agent | sFlow agent IP address | string |
| Datasource | ||
| A String representing the sFlow datasource for the host | ||
| datasource | sFlow datasource for the host | string |
| Hostname | ||
| The hostname of the host | ||
| hostname | The host's hostname | string |
| UUID | ||
| A String representing the UUID of the host in standard RFC 4122 format | ||
| UUID | The host's UUID | string |
| OS release | ||
| A string containing the operating system release version | ||
| osRelease | The release version string of the OS running on the host | string |
| Virtual information | ||
| Boolean test for virtual hosts | ||
| isVirtual |
true if the host is a virtual host |
boolean |
Table 16.6. Database value fields available for host counters
| Term | Description | Type |
|---|---|---|
| Machine type | ||
| An integer representing the architecture of the system, as documented in the host sFlow specification | ||
| machineType | The system architecture | integer |
| OS name | ||
| An integer representing the type of operating system, as documented in the host sFlow specification | ||
| osName | The type of operating system running on the host | integer |
| Host CPU counters | ||
| Host CPU performance counters expressed as an absolute value | ||
| cpuIdle | Idle CPU time in ms | integer |
| cpuIntr | Time in ms servicing interrupts | integer |
| cpuNice | Nice CPU time in ms | integer |
| cpuSoftIntr | Time in ms servicing soft interrupts | integer |
| cpuSystem | System CPU time in ms | integer |
| cpuTotal | Total CPU time available in ms (the sum of all of the other CPU time fields, including idle) | integer |
| cpuUser | User CPU time in ms | integer |
| cpuWIO | Time in ms waiting for I/O to complete | integer |
| cpuNum | Number of CPUs in the system | integer |
| cpuSpeed | Speed in MHz of the CPU | integer |
| loadOne | One-minute load average | integer |
| loadFive | Five-minute load average | integer |
| loadFifteen | Fifteen-minute load average | integer |
| procRun | Total number of runnable processes | integer |
| procTotal | Total number of processes | integer |
| uptime | Seconds since the last reboot | integer |
| contexts | Count of context switches | integer |
| interrupts | Count of interrupts | integer |
| Host CPU percentage counters | ||
| Host CPU performance counters expresssed as a percentage of total CPU time | ||
| cpuIdleUtil | Percentage of idle CPU time | integer |
| cpuIntrUtil | Percentage of CPU time servicing interrupts | integer |
| cpuNiceUtil | Percentage of nice CPU time | integer |
| cpuSoftIntrUtil | Percentage of CPU time servicing soft interrupts | integer |
| cpuSystemUtil | Percentage of system CPU time | integer |
| cpuUserUtil | Percentage of user CPU time | integer |
| cpuUtil | Percentage of non-idle CPU time | integer |
| cpuWIOUtil | Percentage of CPU time waiting for I/O to complete | integer |
| Host disk counters | ||
| Host disk counters expressed as an absolute value | ||
| diskFree | Free disk space in bytes | integer |
| diskTotal | Total disk size in bytes | integer |
| diskUsed | Total space used on disk | integer |
| diskReads | Number of read operations from disk | integer |
| bytesRead | Number of bytes read from disk | integer |
| readTime | Time in ms reading from disk | integer |
| diskWrites | Number of write operations completed to disk | integer |
| bytesWritten | Number of bytes written to disk | integer |
| writeTime | Time in ms writing to disk | integer |
| Host disk percentage counters | ||
| Host disk counters expressed as a percentage | ||
| diskFreeUtil | Free disk space expressed as a percentage of total space | integer |
| diskUsedUtil | Used disk space expressed as a percentage of total space | integer |
| partitionMaxUsed | Utilization of the highest utilized partition expressed as a percentage | integer |
| Host memory counters | ||
| Host memory performance counters expressed as an absolute value | ||
| memoryBuffers | Bytes of memory used for buffers | integer |
| memoryCache | Bytes of memory used for cache | integer |
| memoryFree | Free bytes of memory | integer |
| memoryShared | Shared bytes of memory | integer |
| memoryTotal | Total bytes of memory | integer |
| memoryUsed | Bytes of memory used (= memoryTotal-memoryFree-memoryShared-memoryBuffers-memoryCache) | integer |
| memoryUsedTotal | Total bytes of memory used (= memoryTotal-memoryFree) | integer |
| swapFree | Free bytes of swap space | integer |
| swapTotal | Total bytes of swap space | integer |
| swapUsed | Bytes of swap space used | integer |
| pageIn | Page in count | integer |
| pageOut | Page out count | integer |
| swapIn | Swap in count | integer |
| swapOut | Swap out count | integer |
| Host memory percentage counters | ||
| Host memory performance counters expresssed as a percentage of total memory | ||
| memoryBuffersUtil | Percentage of memory used for buffers | integer |
| memoryCacheUtil | Percentage of memory used for cache | integer |
| memoryFreeUtil | Percentage of memory free | integer |
| memorySharedUtil | Percentage of memory shared | integer |
| memoryUsedUtil | Percentage of memory used (see memoryUsed) | integer |
| memoryUsedTotalUtil | Percentage of used total memory (see memoryUsedTotal) | integer |
| swapFreeUtil | Percentage of swap space free | integer |
| swapUsedUtil | Percentage of swap space used | integer |
| Host network counters | ||
| Host network performance counters | ||
| hostBytesIn | Bytes received by the host | integer |
| hostBytesOut | Bytes sent by the host | integer |
| hostPacketsIn | Packets received by the host | integer |
| hostPacketsOut | Packets send by the host | integer |
| hostErrorsIn | Error packets received by the host | integer |
| hostErrorsOut | Error packets send by the host | integer |
| hostDropsIn | Dropped packets received by the host | integer |
| hostDropsOut | Dropped packets send by the host | integer |