sessions

Live, mostly open, sessions between nodes. A session is a specific application-level connection between nodes. A link can hold one or more sessions at a given time.

id Primary key of this query source
status Tells if the session is ACTIVE, CLOSED, SYN, SYN-ACK
direction_is_known True if the session direction has been discovered. If false, from and to may be swapped.
from Client node id
to Server node id
from_zone Client zone
to_zone Server zone
transport_protocol Transport protocol of the session
from_port Port on the client side
to_port Port on the server side
protocol The protocol in which this entity has been observed
vlan_id The virtual local area network (VLAN) identifier (ID) of the session. It can be absent if the traffic of the session is not VLAN-tagged.
transferred.packets Total number of packets transmitted
transferred.bytes Total number of bytes transmitted
transferred.last_5m_bytes Number of bytes transmitted in the last 5 minutes
transferred.last_15m_bytes Number of bytes transmitted in the last 15 minutes
transferred.last_30m_bytes Number of bytes transmitted in the last 30 minutes
transferred.smallest_packet_bytes Smallest packet size in bytes observed
transferred.biggest_packet_bytes Biggest packet size in bytes observed
transferred.avg_packet_bytes Average packet size in bytes observed
throughput_speed Live throughput for the entity
first_activity_time Timestamp in epoch milliseconds when this session was found for the first time
last_activity_time Timestamp in epoch milliseconds when this session was detected for the last time
key (Internal use)
bpf_filter Berkeley Packet Filter (BPF) filter for the entity, used when performing traces for this entity