Overview
Created:2024-06-01 Last Modified:2025-08-29
This document was translated by ChatGPT
#1. Supported Application Protocols
To reduce resource overhead and avoid misidentification, the agent only parses the following application protocols by default:
- HTTP, HTTP2/gRPC, MySQL, Redis, Kafka, DNS, TLS.
To enable parsing of other application protocols, configure the agent's l7-protocol-enabled. All supported application protocols are listed as follows:
| Value | DisplayName | Description |
|---|---|---|
| 0 | N/A | |
| 20 | HTTP | |
| 21 | HTTP2 | |
| 40 | Dubbo | |
| 41 | gRPC | |
| 43 | SofaRPC | |
| 44 | FastCGI | |
| 45 | bRPC | |
| 46 | Tars | |
| 47 | Some/IP | |
| 48 | ISO-8583 | |
| 60 | MySQL | |
| 61 | PostgreSQL | |
| 62 | Oracle | |
| 80 | Redis | |
| 81 | MongoDB | |
| 82 | Memcached | |
| 100 | Kafka | |
| 101 | MQTT | |
| 102 | AMQP | RabbitMQ |
| 103 | OpenWire | ActiveMQ |
| 104 | NATS | |
| 105 | Pulsar | |
| 106 | ZMTP | ZeroMQ |
| 107 | RocketMQ | |
| 108 | WebSphereMQ | |
| 120 | DNS | |
| 121 | TLS | |
| 122 | Ping | |
| 127 | Custom |
generate from csv file: l7_protocol
#2. Call Log Field Description
The call log (flow_log.l7_flow_log) data table stores request logs for various protocols aggregated at a one-minute granularity, consisting of two main categories of fields: Tag and Metrics.
#2.1 Tags
Tag fields: Mainly used for grouping and filtering. Detailed field descriptions are as follows:
| Name | DisplayName | Description |
|---|---|---|
| _id | UID | |
| time | Time | Round end_time to seconds. |
| region | Region | |
| az | Availability Zone | |
| host | VM Hypervisor | Host running virtual machine. |
| chost | Cloud Host | Including virtual machines |
| vpc | VPC | |
| l2_vpc | Forwarding VPC | VPC where the MAC address is located. |
| subnet | Subnet | |
| router | Router | |
| dhcpgw | DHCP Gateway | |
| lb | Load Balancer | |
| lb_listener | Load Balancer Listener | |
| natgw | NAT Gateway | |
| redis | Redis | |
| rds | RDS | |
| pod_cluster | K8s Cluster | |
| pod_ns | K8s Namespace | |
| pod_node | K8s Node | |
| pod_ingress | K8s Ingress | |
| pod_service | K8s Service | |
| pod_group_type | K8s Workload Type | |
| pod_group | K8s Workload | Such as Deployment |
| pod | K8s POD | |
| service | Service | Deprecated,please use pod_service |
| auto_instance_type | Auto Instance Type | The type of 'auto_instance'. |
| auto_instance | Auto Instance Tag | The instance of IP |
| auto_service_type | Auto Service Type | The type of 'auto_service'. |
| auto_service | Auto Service Tag | On the basis of 'auto_instance' |
| gprocess | Process | |
| tap_port_host | Tap Port Host | Deprecated,please use capture_nic_host. |
| tap_port_chost | Tap Port Cloud Host | Deprecated,please use capture_nic_chost. |
| tap_port_pod_node | Tap Port K8s Node | Deprecated,please use capture_nic_pod_node. |
| capture_nic_host | Host of Capture NIC | |
| capture_nic_chost | Cloud Host of Capture NIC | |
| capture_nic_pod_node | K8s Node of Capture NIC | |
| host_ip | VM Hypervisor | The management IP address of VM Hypervisor. |
| host_hostname | VM Hypervisor | The hostname of VM Hypervisor. |
| chost_ip | Cloud Host | The primary IP address of Cloud Host. |
| chost_hostname | Cloud Host | The hostname of Cloud Host. |
| pod_node_ip | K8s Node | The primary IP address of K8s Node. |
| pod_node_hostname | K8s Node | The hostname of K8s Node. |
| k8s.label | K8s Label | |
| k8s.annotation | K8s Annotation | |
| k8s.env | K8s Env | |
| attribute | Attribute | |
| cloud.tag | Cloud Tag | |
| os.app | OS APP | |
| ip | IP Address | |
| is_ipv4 | IPv4 Flag | |
| is_internet | Internet IP Flag | Whether the IP address is an external Internet address. |
| protocol | Network Protocol | |
| tunnel_type | Tunnel Type | |
| client_port | Client Port | |
| server_port | Server Port | |
| tcp_seq | TCP Seq | |
| req_tcp_seq | TCP Seq of Request | |
| resp_tcp_seq | TCP Seq of Response | |
| l7_protocol | Application Protocol | |
| l7_protocol_str | Application Protocol | In string. |
| is_tls | TLS | |
| is_async | Async | |
| version | Protocol Version | |
| type | Log Type | |
| request_type | Request Type | |
| request_domain | Request Domain | |
| request_resource | Request Resource | |
| request_id | Request ID | |
| response_status | Response Status | |
| response_code | Response Code | |
| response_exception | Response Exception | |
| response_result | Response Result | |
| events | Events | |
| app_service | Application Service | |
| app_instance | Application Instance | |
| endpoint | API Endpoint | |
| process_id | Process ID | |
| process_kname | System Process | |
| trace_id | TraceID | |
| span_id | SpanID | |
| parent_span_id | ParentSpanID | |
| span_kind | Span Kind | From OpenTelemetry. |
| x_request_id | X-Request-ID | |
| x_request_id_0 | Request X-Request-ID | |
| x_request_id_1 | Response X-Request-ID | |
| http_proxy_client | HTTP Client IP | Real client IP before proxy translate. |
| syscall_trace_id | Syscall TraceID | |
| syscall_trace_id_request | Req Syscall TraceID | |
| syscall_trace_id_response | Resp Syscall TraceID | |
| syscall_thread | Syscall Thread | |
| syscall_thread_0 | Req Syscall Thread | |
| syscall_thread_1 | Resp Syscall Thread | |
| syscall_coroutine | Syscall Coroutine | |
| syscall_coroutine_0 | Req Syscall Coroutine | |
| syscall_coroutine_1 | Resp Syscall Coroutine | |
| syscall_cap_seq | Syscall CapSeq | |
| syscall_cap_seq_0 | Req Syscall CapSeq | |
| syscall_cap_seq_1 | Resp Syscall CapSeq | |
| flow_id | Flow ID | |
| start_time | Start Time | Unit: microseconds. Start time of request. |
| end_time | End Time | Unit: microseconds. Start time of response |
| signal_source | Signal Source | |
| tap | Traffic Access Point | Deprecated,please use capture_network_type. |
| capture_network_type | Network Location | The network location for capturing traffic uses a fixed value (Cloud Network) to represent intra-cloud traffic |
| vtap | DeepFlow Agent | Deprecated |
| agent | DeepFlow Agent | |
| nat_source | NAT Source | |
| tap_port | TAP Port Identifier | Deprecated |
| tap_port_name | TAP Port Name | Deprecated |
| tap_port_type | TAP Port Type | Deprecated |
| capture_nic | Capture NIC ID | When the value of tap_port_type is 'Local NIC' |
| capture_nic_name | Capture NIC Name | When the value of tap_port_type is 'Local NIC' |
| capture_nic_type | Capture NIC Type | Indicates the type of traffic collection location |
| tap_side | TAP Side | Deprecated |
| observation_point | Observation Point | The logical location of the collection location in the traffic path |
| biz_type | Business Type | |
| biz_code | Business Code | Used to identify business types (such as mobile banking transfers |
| biz_scenario | Business Scenario | Used for segmenting business scenarios (such as self-to-self transfer |
generate from csv file: l7_flow_log.en
#2.2 Metrics
Metrics fields: Mainly used for calculations. Detailed field descriptions are as follows:
| Field | DisplayName | Unit | Description |
|---|---|---|---|
| request | Request | ||
| response | Response | ||
| session_length | Session Total Bytes | Byte | request_length + response_length. |
| request_length | Request Total Bytes | Byte | |
| response_length | Response Total Bytes | Byte | |
| sql_affected_rows | SQL Affected Rows | Row | |
| captured_request_byte | Captured Request Bytes | Byte | For Packet signal sources |
| captured_response_byte | Captured Response Bytes | Byte | For Packet signal sources |
| direction_score | Direction Score | The higher the score | |
| log_count | Log Count | ||
| response_ratio | Response % | % | Response / Request |
| success_ratio | Success % | % | 1 - Error / Response |
| error | Error | Client Error + Server Error. | |
| client_error | Client Error | ||
| server_error | Server Error | ||
| error_ratio | Error % | % | Error / Response. |
| client_error_ratio | Client Error % | % | Client Error / Response. |
| server_error_ratio | Server Error % | % | Server Error / Response. |
| response_duration | Response Delay | us | If the log type is Session |
| row | Row Count |
generate from csv file: l7_flow_log.en