Data flow records collected from NetFlow and sFlow sources can be retrieved via the dataflow endpoint.
The response uses the Portable Inventory Data envelope with a data and an info element. The data element contains a list of data flow records. Each record uses the following structure:
{
    "ip1": IP address of device 1,
    "ip2": IP address of device 2,
    "firstSeen": timestamp (YYYY-MM-DD hh:mm:ss) when first detected,
    "lastSeen": timestamp (YYYY-MM-DD hh:mm:ss) when last detected,
    "service": name of the service (e.g. SNMP, HTTP),
    "ports": [ number(s) of involved port(s) ],
    "transport": UDP | TCP,
    "deviceId1": [ list of device IDs for ip1, if available ],
    "deviceId2": [ list of device IDs for ip2, if available ]
}
You can filter the output by specifying a start time from which data flow shall be reported. The start time can be specified for first_seen as well as for last_seen. The timestamp value uses the ISO 8601 format, but it can be abbreviated: you don't have to specify the time of day, the day of month, and so on.
Note that if time of day is specified, the letter "T" must be used to separate it from the date.
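The following Python sketch is an added example, not code from the product: it expands an abbreviated start time the way the filter description implies and applies the same first_seen / last_seen cut-off to an already retrieved envelope. The function names, the sample records, the accepted abbreviation levels and the inclusive comparison are assumptions of this example.

```python
import re
from datetime import datetime

# Abbreviated ISO 8601: year, then optionally month, day and a "T"-separated time.
# Which reduced forms the server accepts is an assumption of this example.
_START = re.compile(
    r"^(\d{4})(?:-(\d{2})(?:-(\d{2})(?:T(\d{2})(?::(\d{2})(?::(\d{2}))?)?)?)?)?$")

def parse_start(value):
    """Expand an abbreviated start time; omitted parts take their earliest value."""
    m = _START.match(value)
    if not m:
        raise ValueError(f"not an abbreviated ISO 8601 timestamp: {value!r}")
    year, *rest = (None if g is None else int(g) for g in m.groups())
    month, day, hour, minute, second = (
        d if v is None else v for v, d in zip(rest, (1, 1, 0, 0, 0)))
    return datetime(year, month, day, hour, minute, second)

def flows_since(envelope, first_seen=None, last_seen=None):
    """Client-side mirror of the first_seen / last_seen start-time filters
    (inclusive comparison is assumed)."""
    fmt = "%Y-%m-%d %H:%M:%S"  # record timestamps use a space, not "T"
    bounds = {"firstSeen": first_seen, "lastSeen": last_seen}
    return [
        rec for rec in envelope["data"]
        if all(b is None or datetime.strptime(rec[k], fmt) >= parse_start(b)
               for k, b in bounds.items())
    ]

# Constructed sample envelope; the content of "info" is not described on the page.
SAMPLE = {
    "info": {},
    "data": [
        {"ip1": "192.0.2.10", "ip2": "192.0.2.20",
         "firstSeen": "2023-01-15 08:00:00", "lastSeen": "2023-03-02 17:45:10",
         "service": "SNMP", "ports": [161], "transport": "UDP",
         "deviceId1": [], "deviceId2": []},
        {"ip1": "192.0.2.30", "ip2": "192.0.2.40",
         "firstSeen": "2023-03-01 09:30:00", "lastSeen": "2023-03-01 09:31:00",
         "service": "HTTP", "ports": [80], "transport": "TCP",
         "deviceId1": [], "deviceId2": []},
    ],
}

if __name__ == "__main__":
    for rec in flows_since(SAMPLE, last_seen="2023-03-02"):
        print(rec["service"], rec["ip1"], "->", rec["ip2"], rec["ports"])
```

A start time written with a space instead of "T" (for example "2023-03-01 09:00") is rejected by parse_start, which catches the separator mistake before a request is sent.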