jotak
commented
7 months ago Some of these fields are indeed probably missing but some of them are not expected: all the "DstK8S..." stuff comes from kube enrichment stage that happens in flowlogs-pipeline ie downstream of the agent.
@msherif1234 we should look for a way to assert that all exporters are always on par with their exported fields ... Like in my current PR here I'm adding assertions that the grpc or direct-flp export produce the same result; maybe we can try to generalize to include ipfix too
rupertgregoryibm
Hello team,
As the main agent has been leaping forward, it seems the IPFIX export feature of FLP needs an update to support export of these fields -
DnsFlags DnsFlagsResponseCode DnsId DnsLatencyMs RTT DstK8S_HostIP DstK8S_HostName DstK8S_Name DstK8S_Namespace DstK8S_OwnerName DstK8S_OwnerType, DstK8S_Type
....there may be (read: probably are) more fields, I've just done brief scan of various MRs over the past few months.
Please can we get the IPFIX export updated. I'm happy to allocate new IPFIX entries if someone can help or point me to the complete schema for all the possible fields and also what each one means.
Many thanks. R.