Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Requesting NTA Conversation Flow Statistics

 

Use the Cloud Analytics Engine DLE API as follows to retrieve Network Traffic Analysis conversation statistics from network devices known to DLE.

GET /api/v1/nta/conversation-stats

Use this DLE API request to get NTA conversation flow statistics samples collected by DLE. Response data is in JSON format.

Request Format:

  • GET method

Request Parameters:

  • Table 1 describes the request parameters.

    Table 1: NTA Conversation Stats Request Parameters

    Request Parameter

    Description

    device

    (String) Device IP address.

    if-index

    (String) Interface SNMP index.

    start

    (Numeric) Start time in ms (epoch time). Query DLE for data starting at this timestamp.

    end

    (Numeric) Optional end time in ms (epoch time). Query DLE for data up until this timestamp.

    aggregation-interval

    (Numeric) Aggregation interval in seconds. Instructs DLE to aggregate (average) the sample data produced within the specified timestamps, and return the averaged samples per interval.

    filter

    Conversations statistics request transfer object consisting of a list of conversation identifiers (source IP address, destination IP address) for which to filter the results and return statistics for only the specified conversations, in the following JSON format:

    { “conversations”: [ {”src-ip”=<IPV4 addr>,”dst-ip”=”<IPV4 addr>”}, ...] }

Response Parameters:

  • conversation-stats: NTA Conversation Stats Samples Transfer Object in JSON format—A list of conversation identifiers and corresponding conversation flow statistics samples results for each conversation, as specified in the request parameters.

See NTA Conversation Stats Data Learning Engine API Example for a sample request and response.

NTA Conversation Stats Samples Transfer Object

The DLE API returns the NTA Conversation Statistics Samples transfer object in response to a DLE API request for NTA conversation statistics. See GET /api/v1/nta/conversation-stats. The response data lists each conversation identifier pair specified in the request, followed by the corresponding list of samples. The results for each conversation are represented by the following elements in JSON format:

  • src-ip: (String) Conversation source IP address

  • dst-ip: (String) Conversation destination IP address

  • samples: List of conversation statistics samples, described in Table 2, that were collected and aggregated by DLE according to the request parameters.

    Table 2: NTA Conversation Samples Transfer Object

    Element Name

    Description

    timestamp

    (Numeric) Timestamp of sample in ms (epoch time).

    total-bytes

    (Numeric) Total bytes of traffic transferred in the conversations sample.

NTA Conversation Stats Data Learning Engine API Example

The following is a DLE API example for retrieving NTA conversation flow samples from DLE. See GET /api/v1/nta/conversation-stats and NTA Conversation Stats Samples Transfer Object. The example request identifies two conversations that make up the bidirectional traffic between two hosts for which to filter the results. The DLE response provides the available samples results for each conversation, aggregated over the specified interval from the specified starting timestamp.

Request:

http://192.168.55.122:8282/api/v1/nta/conversation-stats?

filter={"conversations":[{"src-ip":"198.51.100.2","dst-ip":"10.0.0.2"},{"src-ip":"10.0.0.2","dst-ip":”198.51.100.2"}]}

&start=1441057546726&aggregation-interval=4&device=192.168.55.93&if-index=521

Response: