Flow API Use the Flow API to retrieve summary statistics and time series data derived from persisted flows. Unless otherwise specified, all units of time are expressed in milliseconds. GETs (Reading Data) Resource Description /flows/count Retrieve the number of flows available. /flows/exporters Retrieve basic information for the exporter nodes that have flows available. /flows/exporters/{nodecriteria} Retrieve detailed information about a specific exporter node. /flows/applications Retrieve traffic summary statistics for the top N applications or specific applications. /flows/applications/enumerate Retrieve a list of the applications with flows. /flows/applications/series Retrieve time series metrics for the top N applications or specific applications. /flows/conversations Retrieve traffic summary statistics for the top N conversations or specific conversations. /flows/conversations/enumerate Retrieve a list of the conversations with flows. /flows/conversations/series Retrieve time series metrics for the top N conversations or specific conversations. /flows/hosts Retrieve traffic summary statistics for the top N hosts or specific hosts. /flows/hosts/enumerate Retrieve a list of the hosts with flows. /flows/hosts/series Retrieve time series metrics for the top N hosts or specific hosts. All of the endpoints support the following query string parameters to help filter the results: The given filters are combined using a logical AND. There is no support for using OR logic, or combinations thereof. Name Default Comment start -14400000 Timestamp in milliseconds. If > 0, the timestamp is relative to the UNIX epoch (January 1st 1970 00:00:00 AM). If < 0, the timestamp is relative to the end option (i.e., default value is 4 hours ago). end 0 Timestamp in milliseconds. If <= 0, the effective value will be the current timestamp. ifIndex (none) Filter for flows that came in through the given SNMP interface. exporterNode (none) Filter for flows that were exported by the given node. Support either node id (integer) i.e., 1, or foreign source and foreign id lookups i.e., FS:FID. The exporters endpoints do not support any parameters. The applications/enumerate endpoint also supports: Name Default Comment limit 10 Number of applications with flows to return. prefix "" If provided, filters the results to only include applications with names that start with the given prefix (using fuzzy matching). The applications and applications/series endpoints also support: name default comment N none Number of top entries (determined by total bytes transferred) to return. includeOther false When set to true the results will also include an additional row or column that contains the bytes transferred for the flows that fall outside of the selected set. application none If provided, returns only flow series that match the given application(s). This field can be repeated for any number of applications to be included in the query. Both endpoints require one of N or application query parameters to be set and will return an error if neither or both are set. The conversations/enumerate endpoint also supports: Name Default Comment limit 10 Number of hosts with flows to return. location ".*" If provided, filters the results to only include conversations matching the given location regex pattern. protocol ".*" If provided, filters the results to only include conversations matching the given protocol regex pattern. lower ".*" If provided, filters the results to only include conversations matching the given lower IP address regex pattern. upper ".*" If provided, filters the results to only include conversations matching the given upper IP address regex pattern. application ".*" If provided, filters the results to only include conversations matching the given application regex pattern. The conversations and conversations/series endpoints also supports: Name Default Comment N 10 Number of top entries (determined by total bytes transferred) to return. includeOther false When set to true the results will also include an additional row or column that contains the bytes transferred for the flows that fall outside of selected set. conversation none If provided, returns only flow series that match the given conversation(s). This field can be repeated for any number of conversations to be included in the query. hostname_mode "replace" Controls how IP addresses are replaced with hostnames if available: replace will replace the IP with the hostname append will append the hostname to the IP address hide will not show the hostname at all Make sure to URL encode the conversation value in your request. Both endpoints require one of N or conversation query parameters to be set and will return an error if neither or both are set. The conversations/series endpoint also supports: Name Default Comment step 300000 Requested time interval between rows. The hosts/enumerate endpoint also supports: Name Default Comment limit 10 Number of hosts with flows to return. pattern ".*" If provided, filters the results to only include hosts with names that match the given regex pattern. The hosts and hosts/series endpoints also support: Name Default Comment N none Number of top entries (determined by total bytes transferred) to return. includeOther false When set to true the results will also include an additional row or column that contains the bytes transferred for the flows that fall outside of the selected set. host none If provided, returns only flow series that match the given host(s). This field can be repeated for any number of hosts to be included in the query. Both endpoints require one of N or host query parameters to be set and will return an error if neither or both are set. Examples Retrieve the number of flows persisted in the last 4 hours curl -u admin:admin http://localhost:8980/opennms/rest/flows/count Response 915 Retrieve traffic summary for top 10 applications in the last 4 hours curl -u admin:admin http://localhost:8980/opennms/rest/flows/applications Response { "start": 1513788044417, "end": 1513802444417, "headers": ["Application", "Bytes In", "Bytes Out"], "rows": [ ["https", 48789, 136626], ["http", 12430, 5265] ] } Retrieve traffic summary for top 10 conversations in the last 4 hours curl -u admin:admin http://localhost:8980/opennms/rest/flows/conversations Response { "start": 1513788228224, "end": 1513802628224, "headers": ["Location", "Protocol", "Source IP", "Source Port", "Dest. IP", "Dest. Port", "Bytes In", "Bytes Out"], "rows": [ ["Default", 17, "10.0.2.15", 33816, "172.217.0.66", 443, 12166, 117297], ["Default", 17, "10.0.2.15", 32966, "172.217.0.70", 443, 5042, 107542], ["Default", 17, "10.0.2.15", 54087, "172.217.0.67", 443, 55393, 5781], ["Default", 17, "10.0.2.15", 58046, "172.217.0.70", 443, 4284, 46986], ["Default", 6, "10.0.2.15", 39300, "69.172.216.58", 80, 969, 48178], ["Default", 17, "10.0.2.15", 48691, "64.233.176.154", 443, 8187, 39847], ["Default", 17, "10.0.2.15", 39933, "172.217.0.65", 443, 1158, 33913], ["Default", 17, "10.0.2.15", 60751, "216.58.218.4", 443, 5504, 24957], ["Default", 17, "10.0.2.15", 51972, "172.217.0.65", 443, 2666, 22556], ["Default", 6, "10.0.2.15", 46644, "31.13.65.7", 443, 459, 16952] ] } Retrieve time series data for top 3 applications in the last 4 hours curl -u admin:admin http://localhost:8980/opennms/rest/flows/applications/series?N=3&includeOther=true&step=3600000 Response { "start": 1516292071742, "end": 1516306471742, "columns": [ { "label": "domain", "ingress": true }, { "label": "https", "ingress": true }, { "label": "http", "ingress": true }, { "label": "Other", "ingress": true } ], "timestamps": [ 1516291200000, 1516294800000, 1516298400000 ], "values": [ [9725, 12962, 9725], [70665, 125044, 70585], [10937,13141,10929], [1976,2508,2615] ] } Retrieve time series data for top 3 conversations in the last 4 hours curl -u admin:admin http://localhost:8980/opennms/rest/flows/conversations/series?N=3&step=3600000 Response { "start": 1516292150407, "end": 1516306550407, "columns": [ { "label": "10.0.2.15:55056 <-> 152.19.134.142:443", "ingress": false }, { "label": "10.0.2.15:55056 <-> 152.19.134.142:443", "ingress": true }, { "label": "10.0.2.15:55058 <-> 152.19.134.142:443", "ingress": false }, { "label": "10.0.2.15:55058 <-> 152.19.134.142:443", "ingress": true }, { "label": "10.0.2.2:61470 <-> 10.0.2.15:8980", "ingress": false }, { "label": "10.0.2.2:61470 <-> 10.0.2.15:8980", "ingress": true } ], "timestamps": [ 1516294800000, 1516298400000 ], "values": [ [17116,"NaN"], [1426,"NaN"], [20395,"NaN", [1455,"NaN"], ["NaN",5917], ["NaN",2739] ] } Device Config Rest API Flow Classification API