Data flow from NetFlow and sFlow sources can be retrieved via the dataflow endpoint.
Data format
The response uses the Portable Inventory Data envelope with a data and an info element. The data element contains a list of data flow records. Each record uses the following structure:
{
"ip1": IP address of device 1 ,
"ip2": IP address of device 2 ,
"firstSeen": timestamp (YYYY-MM-DD hh:mm:ss) when first detected ,
"lastSeen": timestamp (YYYY-MM-DD hh:mm:ss) when last detected ,
"service": name of the service (e.g. SNMP, HTTP) ,
"ports": [number(s) of involved port(s)],
"transport": UDP | TCP ,
"deviceId1": [list of device IDs for ip1, if available],
"deviceId2": [list of device IDs for ip2, if available]
}
The info element contains information about the number of records in the result set and the offset to get the next page of results.
Sample output
Filter
You can filter output by specifying a start time from which dataflow shall be reported. The start time can be specified both for first_seen and for last_seen. The format for the timestamp value is ISO 8601, but can be abbreviated. This means that you don't have to specify time of day, or day of month etc.
Note: If time of day is specified, the letter T must be used to separate it from the date.
API Request
Example:
GET ot-base/api/v1/dataflow/?last_seen=2020-06-01T00:00:00
Python
import requests
# Enter your hostname (for example: myserver.com or 127.0.0.1) between the quotes.
hostname = 'enterHostnameOrIP'
# Replace username and password with your username and password credentials.
auth = ('username', 'password')
url = 'https://' + hostname + '/ot-base/api/v1/dataflow/'
# Report only data flows last seen from this start time (ISO 8601).
params = {'last_seen': '2023-06-01T00:00:00'}
# Pass params so that the last_seen filter is sent with the request.
response = requests.get(url, auth=auth, params=params)
print(response.status_code)
print(response.text)
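Once a response has been parsed, the records can be reviewed for endpoints that have no device ID in the inventory and for flows first seen after a baseline time. The following is an added example, not part of the original documentation; the function name review_flows, the baseline value and the sample envelope (addresses and device IDs) are constructed for illustration, and only the record fields documented under Data format are used.

```python
from datetime import datetime

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # matches the YYYY-MM-DD hh:mm:ss record timestamps

# Constructed sample envelope; addresses and device IDs are made up for illustration.
SAMPLE = {
    "data": [
        {"ip1": "10.0.0.5", "ip2": "10.0.0.20", "firstSeen": "2023-05-02 08:15:00",
         "lastSeen": "2023-06-03 11:00:00", "service": "SNMP", "ports": [161],
         "transport": "UDP", "deviceId1": ["PLC-001"], "deviceId2": ["SW-007"]},
        {"ip1": "10.0.0.5", "ip2": "192.168.50.9", "firstSeen": "2023-06-02 23:41:10",
         "lastSeen": "2023-06-02 23:58:42", "service": "HTTP", "ports": [80],
         "transport": "TCP", "deviceId1": ["PLC-001"], "deviceId2": []},
        {"ip1": "10.0.0.30", "ip2": "10.0.0.99", "firstSeen": "2023-06-01 09:00:00",
         "lastSeen": "2023-06-04 09:00:00", "service": "HTTP", "ports": [8080],
         "transport": "TCP", "deviceId1": ["HMI-002"]},  # deviceId2 key absent
    ],
    "info": {},  # the info element is not needed for this check
}

def review_flows(envelope, baseline):
    """Return (unknown_endpoints, new_flows) for the records in envelope["data"]."""
    cutoff = datetime.strptime(baseline, TS_FORMAT)
    unknown, new = [], []
    for rec in envelope.get("data", []):
        # Device IDs are listed only "if available": treat a missing key
        # and an empty list the same way (no inventory match).
        for ip_key, id_key in (("ip1", "deviceId1"), ("ip2", "deviceId2")):
            if not rec.get(id_key):
                unknown.append((rec[ip_key], rec.get("service"), tuple(rec.get("ports", []))))
        # Flows whose firstSeen is at or after the baseline are new communications.
        if datetime.strptime(rec["firstSeen"], TS_FORMAT) >= cutoff:
            new.append((rec["ip1"], rec["ip2"], rec.get("service")))
    return unknown, new

if __name__ == "__main__":
    unknown, new = review_flows(SAMPLE, "2023-06-01 00:00:00")
    for ip, service, ports in unknown:
        print(f"no inventory match: {ip} ({service}, ports {list(ports)})")
    for ip1, ip2, service in new:
        print(f"new flow since baseline: {ip1} <-> {ip2} ({service})")
```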