Raw NetFlow session records may be retrieved from the FlowTraq storage API via:

```
GET https://example.com/flowtraq/api/v1/sessions
```
Request parameters are the same as when retrieving processed FlowTraq views. See Retrieving Processed FlowTraq Views: Request Parameters.
The response will contain either the resulting data table or an error message:
Parameter Name | Value | Notes |
---|---|---|
columns | [string] | An array of column names. |
data | [[string]] | An array of rows, one session per row. Values in each row correspond to the column names in the columns field. |
summary | [string] | A total byte and session count of the query. |
error | string | Only returned if the request failed. |
For example, using curl in a shell command:
```
$ curl "https://example.com/flowtraq/api/v1/sessions?auth_token=18265a85ca45db35d0a8c263e6dd2c37&group_by=COUNTRY&count_by=BYTES&time_range=-1h"
{"columns":["CLIENT ADDRESS","CLIENT COUNTRY","CLIENT AS", ... ],"data":[["192.168.68.13","??","0", ... ], ...], "summary":["Total sessions: 802","Total Packets: 1832127","Total Bytes: 1160933394"]}
```
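A client consuming this response has to check the `error` field before using `columns` and `data`, and pair each row's values with the column names by position. The following Python sketch is an added example, not FlowTraq code: the names `parse_sessions_response` and `FlowTraqError` are hypothetical, and the sample bodies are constructed from the fields documented above.

```python
import json

class FlowTraqError(Exception):
    """Raised when the response carries the documented "error" field."""

def parse_sessions_response(body):
    """Return (rows, summary) parsed from a /sessions JSON response body."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("response is not a JSON object")
    # "error" is only returned if the request failed, so check it first.
    if "error" in doc:
        raise FlowTraqError(doc["error"])
    columns = doc["columns"]
    rows = []
    for i, row in enumerate(doc["data"]):
        # Values are positional; a short or long row would mislabel fields.
        if len(row) != len(columns):
            raise ValueError(f"row {i}: {len(row)} values for {len(columns)} columns")
        rows.append(dict(zip(columns, row)))
    # Summary entries look like "Total Bytes: 1160933394".
    summary = {}
    for entry in doc.get("summary", []):
        label, sep, value = entry.rpartition(":")
        if sep and value.strip().isdecimal():
            summary[label.strip()] = int(value)
        else:
            summary[entry] = None  # keep entries that do not parse visible
    return rows, summary

# Constructed sample bodies (not captured from a FlowTraq server). Only the
# three column names shown on this page are used; the second row is made up.
SAMPLE_OK = json.dumps({
    "columns": ["CLIENT ADDRESS", "CLIENT COUNTRY", "CLIENT AS"],
    "data": [["192.168.68.13", "??", "0"], ["192.168.68.14", "??", "0"]],
    "summary": ["Total sessions: 802", "Total Packets: 1832127",
                "Total Bytes: 1160933394"],
})
SAMPLE_ERROR = json.dumps({"error": "constructed error text"})

if __name__ == "__main__":
    rows, summary = parse_sessions_response(SAMPLE_OK)
    print(rows[0]["CLIENT ADDRESS"], summary["Total Bytes"])
    try:
        parse_sessions_response(SAMPLE_ERROR)
    except FlowTraqError as exc:
        print("request failed:", exc)
```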