OSDOCS-13258: Flows Format Reference 1.8 update

modules/network-observability-flows-format.adoc

@@ -1,15 +1,15 @@
 // Automatically generated by 'hack/asciidoc-flows-gen.sh'. Do not edit, or make the NETOBSERV team aware of the editions.
 :_mod-docs-content-type: REFERENCE
 [id="network-observability-flows-format_{context}"]
-= Network flows format reference
+= Network Flows format reference
 
 This is the specification of the network flows format. That format is used when a Kafka exporter is configured, for Prometheus metrics labels as well as internally for the Loki store.
 
 The "Filter ID" column shows which related name to use when defining Quick Filters (see `spec.consolePlugin.quickFilters` in the `FlowCollector` specification).
 
 The "Loki label" column is useful when querying Loki directly: label fields need to be selected using link:https://grafana.com/docs/loki/latest/logql/log_queries/#log-stream-selector[stream selectors].
 
-The "Cardinality" column contains information about the implied metric cardinality if this field was to be used as a Prometheus label with the `FlowMetrics` API. For more information, see the `FlowMetrics` documentation for more information on using this API.
+The "Cardinality" column gives information about the implied metric cardinality if this field was to be used as a Prometheus label with the `FlowMetrics` API. Refer to the `FlowMetrics` documentation for more information on using this API.
 
 
 [cols="1,1,3,1,1,1,1",options="header"]
@@ -99,6 +99,13 @@ The "Cardinality" column contains information about the implied metric cardinali
 | yes
 | fine
 | destination.k8s.namespace.name
+| `DstK8S_NetworkName`
+| string
+| Destination network name
+| `dst_network`
+| no
+| fine
+| n/a
 | `DstK8S_OwnerName`
 | string
 | Name of the destination owner, such as Deployment name, StatefulSet name, etc.
@@ -156,14 +163,14 @@ The "Cardinality" column contains information about the implied metric cardinali
 | fine
 | n/a
 | `Flags`
-| number
-| Logical OR combination of unique TCP flags comprised in the flow, as per RFC-9293, with additional custom flags to represent the following per-packet combinations: +
-- SYN+ACK (0x100) +
-- FIN+ACK (0x200) +
-- RST+ACK (0x400)
+| string[]
+| List of TCP flags comprised in the flow, according to RFC-9293, with additional custom flags to represent the following per-packet combinations: +
+- SYN_ACK +
+- FIN_ACK +
+- RST_ACK
 | `tcp_flags`
 | no
-| fine
+| careful
 | tcp.flags
 | `FlowDirection`
 | number
@@ -190,7 +197,7 @@ The "Cardinality" column contains information about the implied metric cardinali
 | fine
 | icmp.type
 | `IfDirections`
-| number
+| number[]
 | Flow directions from the network interface observation point. Can be one of: +
 - 0: Ingress (interface incoming traffic) +
 - 1: Egress (interface outgoing traffic)
@@ -199,7 +206,7 @@ The "Cardinality" column contains information about the implied metric cardinali
 | fine
 | interface.directions
 | `Interfaces`
-| string
+| string[]
 | Network interfaces
 | `interfaces`
 | no
@@ -220,16 +227,22 @@ The "Cardinality" column contains information about the implied metric cardinali
 | fine
 | k8s.layer
 | `NetworkEvents`
-| string
-| Network events flow monitoring
+| object[]
+| Network events, such as network policy actions, composed of nested fields: +
+- Feature (such as "acl" for network policies) +
+- Type (such as an "AdminNetworkPolicy") +
+- Namespace (namespace where the event applies, if any) +
+- Name (name of the resource that triggered the event) +
+- Action (such as "allow" or "drop") +
+- Direction (Ingress or Egress)
 | `network_events`
 | no
 | avoid
 | n/a
 | `Packets`
 | number
 | Number of packets
-| n/a
+| `pkt_drop_cause`
 | no
 | avoid
 | packets
@@ -275,6 +288,13 @@ The "Cardinality" column contains information about the implied metric cardinali
 | no
 | fine
 | protocol
+| `Sampling`
+| number
+| Sampling rate used for this flow
+| n/a
+| no
+| fine
+| n/a
 | `SrcAddr`
 | string
 | Source IP address (ipv4 or ipv6)
@@ -310,6 +330,13 @@ The "Cardinality" column contains information about the implied metric cardinali
 | yes
 | fine
 | source.k8s.namespace.name
+| `SrcK8S_NetworkName`
+| string
+| Source network name
+| `src_network`
+| no
+| fine
+| n/a
 | `SrcK8S_OwnerName`
 | string
 | Name of the source owner, such as Deployment name, StatefulSet name, etc.
@@ -387,6 +414,48 @@ The "Cardinality" column contains information about the implied metric cardinali
 | no
 | avoid
 | timereceived
+| `Udns`
+| string[]
+| List of User Defined Networks
+| `udns`
+| no
+| careful
+| n/a
+| `XlatDstAddr`
+| string
+| Packet translation destination address
+| `xlat_dst_address`
+| no
+| avoid
+| n/a
+| `XlatDstPort`
+| number
+| Packet translation destination port
+| `xlat_dst_port`
+| no
+| careful
+| n/a
+| `XlatSrcAddr`
+| string
+| Packet translation source address
+| `xlat_src_address`
+| no
+| avoid
+| n/a
+| `XlatSrcPort`
+| number
+| Packet translation source port
+| `xlat_src_port`
+| no
+| careful
+| n/a
+| `ZoneId`
+| number
+| Packet translation zone id
+| `xlat_zone_id`
+| no
+| avoid
+| n/a
 | `_HashId`
 | string
 | In conversation tracking, the conversation identifier
@@ -396,9 +465,9 @@ The "Cardinality" column contains information about the implied metric cardinali
 | n/a
 | `_RecordType`
 | string
-| Type of record: 'flowLog' for regular flow logs, or 'newConnection', 'heartbeat', 'endConnection' for conversation tracking
+| Type of record: `flowLog` for regular flow logs, or `newConnection`, `heartbeat`, `endConnection` for conversation tracking
 | `type`
 | yes
 | fine
 | n/a
-|===
+|===