Defining more flow using REST API to export flow from sflow-rt

[Habtamu Molla]

How are you dear? i need to define more flow and export them to train ML model,  when i put the defined flows in to http server it works. but when  try to access and display the defined flow some of them are can be accessed and displayed but not all, here the detail,

flow = { 'keys':'ipsource,ipdestination,tcpsourceport,tcpdestinationport,udpsourceport,udpdestinationport,icmp_offset,httpstatus,ipttl,ipprotocol,ipbytes',
    'value': 'frames',
    'log': True
}

from these defined flow features the ff can be accessed and displayed

ipsource,ipdestination,tcpsourceport,tcpdestinationport, frames

 but the rest of the flow feature is not acessiable, like , udpsourceport,udpdestinationport,icmp_offset,httpstatus,ipttl,ipprotocol,ipbytes

please review the flow definition and suggest me the solution for instance if there is there a problem in flow definition above?

 

[Peter Phaal]

A flow definition acts as a filter since all field in the key need to be present in a packet before a flow entry will be created. A single packet is unlikely to contain tcpsourceport,udpsourceport, icmp_offset, and httpstatus!

You have a few options:

1. Create a flow definition for each protocol:

  a:. ipsource,ipdestination,tcpsourceport,tcpdestinationport

  b: ipsource,ipdestination,udpsourceport,udpdestinationport

 ...

2. Use the or: function to handle alternatives, e.g. ipsource,ipdestionation,ipprotocol,or:tcpsourceport:udpsourceport

3. Use the null: function to handle optional fields, e.g. ipsource,ipdestination,null:tcpsourceport,null:udpsourceport

See https://sflow-rt.com/define_flow.php for more information.

The browse-flows application is a good way to experiment with flow definitions, https://github.com/sflow-rt/browse-flows

[Habtamu Molla]

Ok, dear thanks a lot!, let me try it and i will tell you if i get any other challenge