Aggregation The flow query engine supports rendering Top-N metrics from pre-aggregated documents stored in Elasticsearch. Use these to help alleviate compute load on the Elasticsearch cluster, particularly for environments with large volumes of flows (>10,000 flows/sec). To use this functionality you must enable the Kafka forwarder as described in Configure Kafka forwarder and set up Nephron to process the flows. Nephron currently requires an Apache Flink cluster to deploy the job. YOu can set the following properties in $\{OPENNMS_HOME/etc/org.opennms.features.flows.persistence.elastic.cfg to control the query engine to use aggregated flows: Property Description Required Default alwaysUseRawForQueries Set to true to use raw flow documents to respond to all queries and effectively disable the use of aggregated flows. false true alwaysUseAggForQueries Set to true to use raw aggregated flow documents to respond to all queries and effectively disable the use of raw flows. false false timeRangeDurationAggregateThresholdMs Queries with time range filters that have a duration greater than this value will use aggregated flows when possible. false 120000 (2 minutes) timeRangeEndpointAggregateThresholdMs Queries with time range filters that have an endpoint that is older than this value will use aggregated flows when possible. false 604800000 (7 days) Classification Engine Kafka Producer