Aggregated flows by REST API The flow query engine supports rendering Top-N metrics from pre-aggregated documents stored in Elasticsearch. Use these to help alleviate compute load on the Elasticsearch cluster, particularly for environments with large volumes of flows (>10,000 flows/sec). To use this functionality you must enable the Kafka forwarder as described in Configure Kafka forwarder and set up the streaming analytics tool to process flows and persist aggregates in Elasticsearch. Set the following properties in $OPENNMS_HOME/etc/org.opennms.features.flows.persistence.elastic.cfg to control the query engine to use aggregated flows: Table 1. Optional parameters for flow aggregation Property Description Default alwaysUseRawForQueries Use raw flow documents to respond to all queries instead of aggregated flows. true alwaysUseAggForQueries Use aggregated flow documents to respond to all queries instead of raw flows. false timeRangeDurationAggregateThresholdMs Queries with time range filters that have a duration greater than this value will use aggregated flows when possible. 120000 (2 minutes) timeRangeEndpointAggregateThresholdMs Queries with time range filters that have an endpoint that is older than this value will use aggregated flows when possible. 604800000 (7 days) Flows Classification Flows Troubleshooting