Infrastructure
Splunk App for Stream supports capture of these Infrastructure protocols on Linux, Mac, and Windows. For more information see Configure Streams in the Splunk App for Stream User Manual.
DHCP
Dynamic Host Configuration Protocol RFC 2132
| Name | Description | Term |
|---|---|---|
| src_ip | Client IP Address | flow.c-ip |
| dest_ip | Server IP Address | flow.s-ip |
| src_port | Client port number | flow.c-port |
| dest_port | Server port number | flow.s-port |
| src_mac | Client packets MAC address in hexadecimal format | flow.c-mac |
| dest_mac | Server packets MAC address in hexadecimal format | flow.s-mac |
| packets_in | The total number of packets sent from client to server | flow.cs-packets |
| packets_out | The total number of packets sent from server to client | flow.sc-packets |
| bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
| bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
| bytes | The total number of bytes transferred | flow.bytes |
| time_taken | Number of microseconds, from the end user perspective, that it took to complete a flow event | flow.time-taken |
| protocol | Level 7 protocol name (http, ftp, etc.) | flow.protocol |
| transport | Transport level protocol | flow.transport |
| opcode | Type of DHCP message | dhcp.message-type |
| file | Name of boot file used during initialization | dhcp.filename |
| chaddr | Client Hardware address | dhcp.client-mac |
| ciaddr | Client IP address | dhcp.current-client-ip |
| dns_server | DNS server IP | dhcp.dns-ip |
| giaddr | Relay agent IP address | dhcp.relay-ip |
| ip_lease_time | Specifies lease time DHCP server is willing to offer | dhcp.lease-time |
| siaddr | IP address of the next server (used when booting via a server) | dhcp.server-ip |
| sname | Host name of next server | dhcp.server-name |
| yiaddr | New IP address attributed to the client | dhcp.new-client-ip |
| subnetmask | Subnet mask assigned to the client | dhcp.new-client-subnet |
| router | IP address of the gateway | dhcp.gateway-ip |
DNS
Domain Name System RFC 1034
| Name | Description | Term |
|---|---|---|
| src_ip | Client IP Address | flow.c-ip |
| dest_ip | Server IP Address | flow.s-ip |
| src_port | Client port number | flow.c-port |
| dest_port | Server port number | flow.s-port |
| src_mac | Client packets MAC address in hexadecimal format | flow.c-mac |
| dest_mac | Server packets MAC address in hexadecimal format | flow.s-mac |
| packets_in | The total number of packets sent from client to server | flow.cs-packets |
| packets_out | The total number of packets sent from server to client | flow.sc-packets |
| bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
| bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
| bytes | The total number of bytes transferred | flow.bytes |
| time_taken | Number of microseconds, from the end user perspective, that it took to complete a flow event | flow.time-taken |
| protocol | Level 7 protocol name (http, ftp, etc.) | flow.protocol |
| transport | Transport layer protocol (udp or tcp) | flow.transport |
| ancount | The number of resource records in the answer section | dns.ancount |
| arcount | Number of additional answers | dns.arcount |
| hostname | Host name | dns.host |
| host_addr | Host IP address | dns.host-addr |
| host_type | DNS host type | dns.host-type |
| message_type | DNS Message Type | dns.message-type |
| name | Name of the request | dns.name |
| nscount | Number of answers in the 'authority' section | dns.nscount |
| qdcount | Number of queries | dns.qdcount |
| query | DNS Query sent | dns.query |
| query_type | DNS Query type | dns.query-type |
| reply_code | Return message | dns.reply-code |
| response_time | Elapsed time, in microseconds, between sending the DNS request and response reception | dns.response-time |
| reverse_addr | IP address returned to the PTR request | dns.reverse-addr |
| transaction_id | DNS transaction identifier | dns.transaction-id |
| ttl | Time, in seconds, that a DNS information returned by the server will be kept in cache | dns.ttl |
ICMP
Internet Control Message Protocol RFC 792
| Name | Description | Term |
|---|---|---|
| bytes | The total number of bytes transferred | flow.bytes |
| src_ip | IP address of the client in dot-quad notation | flow.c-ip |
| src_mac | Client packets MAC address in hexadecimal format | flow.c-mac |
| bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
| network_interface | Name of network interface | flow.interface-name |
| capture_hostname | Hostname where Flow was captured | flow.hostname |
| dest_ip | IP address of the server in dot-quad notation | flow.s-ip |
| dest_mac | Server packets MAC address in hexadecimal format | flow.s-mac |
| bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
| time_taken | Number of microseconds, from the end user perspective, that it took to complete a flow event | flow.time-taken |
| id | ICMP message ID | icmp.id |
| code | ICMP message code | icmp.code |
| code_string | ICMP message code string | icmp.code-string |
| type | ICMP message type | icmp.type |
| type_string | ICMP message type string | icmp.type-string |
| checksum | ICMP message checksum | icmp.checksum |
| sequence | ICMP message sequence | icmp.sequence |
| data | ICMP message data | icmp.data |
SNMP
Simple Network Management Protocol RFC 3413
| Name | Description | Term |
|---|---|---|
| bytes | The total number of bytes transferred | flow.bytes |
| c_ip | IP address of the client in dot-quad notation | flow.c-ip |
| src_mac | Client packets MAC address in hexadecimal format | flow.c-mac |
| src_port | Client port number | flow.c-port |
| bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
| data_packets_in | The number of data packets sent from client to server | flow.cs-data-packets |
| packets_in | The total number of packets sent from client to server | flow.cs-packets |
| dest_ip | IP address of the server in dot-quad notation | flow.s-ip |
| dest_mac | Server packets MAC address in hexadecimal format | flow.s-mac |
| dest_port | Server port number | flow.s-port |
| bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
| data_packets_out | The number of data packets sent from server to client | flow.sc-data-packets |
| packets_out | The total number of packets sent from server to client | flow.sc-packets |
| time_taken | Number of microseconds it took to complete a flow event, from the end user's perspective | flow.time-taken |
| transport | Transport layer protocol (udp or tcp) | flow.transport |
| community | Community name | snmp.community |
| method | SNMP request type | snmp.method |
| name | Name of the user | snmp.name |
| request_id | Request Identifier | snmp.request-id |
| varbind_list | JSON array of {"oid":varbind_oid, "value":varbind_value, "type": varbind_value_type} | snmp.varbind_list |
| version | SNMP Version | snmp.version |
Last modified on 03 March, 2022
| File Transfer | Messaging |
This documentation applies to the following versions of Splunk Stream™: 8.0.1, 8.0.2, 8.1.0, 8.1.1, 8.1.3
Download manual
Feedback submitted, thanks!