Project

General

Profile

Actions
Copy link

Feature #5646

open

Task #5645: tracking: elephant flow detection

rules: allow matching on flow pkts and bytes

Added by Victor Julien 11 months ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Probably need some logic to express direction, e.g.

flow.pkts:toserver,>,10000;
flow.pkts:either,=,10000;
flow.bytes:both,>,1G;

Exact syntax TBD.

No data to display

Actions
Copy link

Also available in: Atom PDF