Flow API
Use the Flow API to retrieve summary statistics and time series data derived from persisted flows.
Unless otherwise specified, all units of time are expressed in milliseconds. |
GETs (Reading Data)
Resource | Description |
---|---|
|
Retrieve the number of flows available. |
|
Retrieve basic information for the exporter nodes that have flows available. |
|
Retrieve detailed information about a specific exporter node. |
|
Retrieve traffic summary statistics for the top N applications or specific applications. |
|
Retrieve a list of the applications with flows. |
|
Retrieve time series metrics for the top N applications or specific applications. |
|
Retrieve traffic summary statistics for the top N conversations or specific conversations. |
|
Retrieve a list of the conversations with flows. |
|
Retrieve time series metrics for the top N conversations or specific conversations. |
|
Retrieve traffic summary statistics for the top N hosts or specific hosts. |
|
Retrieve a list of the hosts with flows. |
|
Retrieve time series metrics for the top N hosts or specific hosts. |
All of the endpoints support the following query string parameters to help filter the results:
The given filters are combined using a logical AND .
There is no support for using OR logic, or combinations thereof.
|
Name |
Default |
Comment |
start |
-14400000 |
Timestamp in milliseconds. If > 0, the timestamp is relative to the UNIX epoch (January 1st 1970 00:00:00 AM). If < 0, the timestamp is relative to the |
end |
0 |
Timestamp in milliseconds. If <= 0, the effective value will be the current timestamp. |
ifIndex |
(none) |
Filter for flows that came in through the given SNMP interface. |
exporterNode |
(none) |
Filter for flows that were exported by the given node. Support either node id (integer) i.e., 1, or foreign source and foreign id lookups i.e., FS:FID. |
The exporters
endpoints do not support any parameters.
The applications/enumerate
endpoint also supports:
Name | Default | Comment |
---|---|---|
limit |
10 |
Number of applications with flows to return. |
prefix |
"" |
If provided, filters the results to only include applications with names that start with the given prefix (using fuzzy matching). |
The applications
and applications/series
endpoints also support:
name | default | comment |
---|---|---|
N |
none |
Number of top entries (determined by total bytes transferred) to return. |
includeOther |
false |
When set to |
application |
none |
If provided, returns only flow series that match the given application(s). This field can be repeated for any number of applications to be included in the query. |
Both endpoints require one of N
or application
query parameters to be set and will return an error if neither or
both are set.
The conversations/enumerate
endpoint also supports:
Name | Default | Comment |
---|---|---|
limit |
10 |
Number of hosts with flows to return. |
location |
".*" |
If provided, filters the results to only include conversations matching the given location regex pattern. |
protocol |
".*" |
If provided, filters the results to only include conversations matching the given protocol regex pattern. |
lower |
".*" |
If provided, filters the results to only include conversations matching the given lower IP address regex pattern. |
upper |
".*" |
If provided, filters the results to only include conversations matching the given upper IP address regex pattern. |
application |
".*" |
If provided, filters the results to only include conversations matching the given application regex pattern. |
The conversations
and conversations/series
endpoints also supports:
Name | Default | Comment |
---|---|---|
N |
10 |
Number of top entries (determined by total bytes transferred) to return. |
includeOther |
false |
When set to |
conversation |
none |
If provided, returns only flow series that match the given conversation(s). This field can be repeated for any number of conversations to be included in the query. |
hostname_mode |
"replace" |
Controls how IP addresses are replaced with hostnames if available:
|
Make sure to URL encode the conversation value in your request. |
Both endpoints require one of N
or conversation
query parameters to be set and will return an error if neither or
both are set.
The conversations/series
endpoint also supports:
Name | Default | Comment |
---|---|---|
step |
300000 |
Requested time interval between rows. |
The hosts/enumerate
endpoint also supports:
Name | Default | Comment |
---|---|---|
limit |
10 |
Number of hosts with flows to return. |
pattern |
".*" |
If provided, filters the results to only include hosts with names that match the given regex pattern. |
The hosts
and hosts/series
endpoints also support:
Name | Default | Comment |
---|---|---|
N |
none |
Number of top entries (determined by total bytes transferred) to return. |
includeOther |
false |
When set to |
host |
none |
If provided, returns only flow series that match the given host(s). This field can be repeated for any number of hosts to be included in the query. |
Both endpoints require one of N
or host
query parameters to be set and will return an error if neither or
both are set.
Examples
curl -u admin:admin http://localhost:8980/opennms/rest/flows/count
915
curl -u admin:admin http://localhost:8980/opennms/rest/flows/applications
{
"start": 1513788044417,
"end": 1513802444417,
"headers": ["Application", "Bytes In", "Bytes Out"],
"rows": [
["https", 48789, 136626],
["http", 12430, 5265]
]
}
curl -u admin:admin http://localhost:8980/opennms/rest/flows/conversations
{
"start": 1513788228224,
"end": 1513802628224,
"headers": ["Location", "Protocol", "Source IP", "Source Port", "Dest. IP", "Dest. Port", "Bytes In", "Bytes Out"],
"rows": [
["Default", 17, "10.0.2.15", 33816, "172.217.0.66", 443, 12166, 117297],
["Default", 17, "10.0.2.15", 32966, "172.217.0.70", 443, 5042, 107542],
["Default", 17, "10.0.2.15", 54087, "172.217.0.67", 443, 55393, 5781],
["Default", 17, "10.0.2.15", 58046, "172.217.0.70", 443, 4284, 46986],
["Default", 6, "10.0.2.15", 39300, "69.172.216.58", 80, 969, 48178],
["Default", 17, "10.0.2.15", 48691, "64.233.176.154", 443, 8187, 39847],
["Default", 17, "10.0.2.15", 39933, "172.217.0.65", 443, 1158, 33913],
["Default", 17, "10.0.2.15", 60751, "216.58.218.4", 443, 5504, 24957],
["Default", 17, "10.0.2.15", 51972, "172.217.0.65", 443, 2666, 22556],
["Default", 6, "10.0.2.15", 46644, "31.13.65.7", 443, 459, 16952]
]
}
curl -u admin:admin http://localhost:8980/opennms/rest/flows/applications/series?N=3&includeOther=true&step=3600000
{
"start": 1516292071742,
"end": 1516306471742,
"columns": [
{
"label": "domain",
"ingress": true
},
{
"label": "https",
"ingress": true
},
{
"label": "http",
"ingress": true
},
{
"label": "Other",
"ingress": true
}
],
"timestamps": [
1516291200000,
1516294800000,
1516298400000
],
"values": [
[9725, 12962, 9725],
[70665, 125044, 70585],
[10937,13141,10929],
[1976,2508,2615]
]
}
curl -u admin:admin http://localhost:8980/opennms/rest/flows/conversations/series?N=3&step=3600000
{
"start": 1516292150407,
"end": 1516306550407,
"columns": [
{
"label": "10.0.2.15:55056 <-> 152.19.134.142:443",
"ingress": false
},
{
"label": "10.0.2.15:55056 <-> 152.19.134.142:443",
"ingress": true
},
{
"label": "10.0.2.15:55058 <-> 152.19.134.142:443",
"ingress": false
},
{
"label": "10.0.2.15:55058 <-> 152.19.134.142:443",
"ingress": true
},
{
"label": "10.0.2.2:61470 <-> 10.0.2.15:8980",
"ingress": false
},
{
"label": "10.0.2.2:61470 <-> 10.0.2.15:8980",
"ingress": true
}
],
"timestamps": [
1516294800000,
1516298400000
],
"values": [
[17116,"NaN"],
[1426,"NaN"],
[20395,"NaN",
[1455,"NaN"],
["NaN",5917],
["NaN",2739]
]
}