reuse K8S fields for better UX

hack/examples/docker-console-config.yaml

@@ -52,7 +52,7 @@ frontend:
       docURL: http://kubernetes.io/docs/user-guide/identifiers#names
       field: SrcK8S_Name
       filter: src_name
-      default: false
+      default: true
       width: 15
     - id: SrcK8S_Type
       group: Source
@@ -66,14 +66,6 @@ frontend:
       filter: src_kind
       default: false
       width: 10
-    - id: SrcVM_Name
-      group: Source
-      name: VM Name
-      tooltip: The source name of the related virtual machine.
-      field: SrcVM_Name
-      filter: src_vmname
-      default: true
-      width: 15
     - id: SrcAddr
       group: Source
       name: IP
@@ -111,7 +103,7 @@ frontend:
       docURL: http://kubernetes.io/docs/user-guide/identifiers#names
       field: DstK8S_Name
       filter: dst_name
-      default: false
+      default: true
       width: 15
     - id: DstK8S_Type
       group: Destination
@@ -125,14 +117,6 @@ frontend:
       filter: dst_kind
       default: false
       width: 10
-    - id: DstVM_Name
-      group: Destination
-      name: VM Name
-      tooltip: The destination name of the related virtual machine.
-      field: DstVM_Name
-      filter: dst_vmname
-      default: true
-      width: 15
     - id: DstAddr
       group: Destination
       name: IP
@@ -391,24 +375,12 @@ frontend:
       autoCompleteAddsQuotes: true
       category: source
       placeholder: 'E.g: Pod, Service'
-    - id: src_vmname
-      name: VM Name
-      component: text
-      autoCompleteAddsQuotes: true
-      category: source
-      placeholder: 'E.g: my-vm'
     - id: dst_kind
       name: Kind
       component: autocomplete
       autoCompleteAddsQuotes: true
       category: destination
       placeholder: 'E.g: Pod, Service'
-    - id: dst_vmname
-      name: VM Name
-      component: text
-      autoCompleteAddsQuotes: true
-      category: destination
-      placeholder: 'E.g: my-vm'
     - id: src_address
       name: IP
       component: text
@@ -578,10 +550,6 @@ frontend:
       type: string
       description: Kind of the source Kubernetes object, such as Pod, Service or Node.
       lokiLabel: true
-    - name: SrcVM_Name
-      type: string
-      description: Name of the vm.
-      lokiLabel: true
     - name: SrcAddr
       type: string
       description: Source IP address (ipv4 or ipv6)
@@ -603,10 +571,6 @@ frontend:
       type: string
       description: Kind of the destination Kubernetes object, such as Pod, Service or Node.
       lokiLabel: true
-    - name: DstVM_Name
-      type: string
-      description: Name of the vm.
-      lokiLabel: true
     - name: DstK8S_OwnerName
       type: string
       description: Name of the destination owner, such as Deployment name, StatefulSet name, etc.

hack/examples/docker-ipfix-config.yaml

@@ -5,10 +5,12 @@ pipeline:
     follows: ingest
   - name: enrich
     follows: conntrack
-  - name: logs
+  - name: labels
     follows: enrich
+  - name: logs
+    follows: labels
   - name: write
-    follows: enrich
+    follows: labels
 parameters:
   - name: ingest
     ingest: # use nflow generator to simulate flows: ./nflow-generator -t localhost -p 2055
@@ -76,18 +78,39 @@ parameters:
           - type: add_subnet_label
             add_subnet_label:
               input: SrcAddr
-              output: SrcVM_Name
+              output: SrcK8S_Name
           - type: add_subnet_label
             add_subnet_label:
               input: DstAddr
-              output: DstVM_Name
+              output: DstK8S_Name
         subnetLabels: # enrichment will add names on matching cidrs
           - name: SampleVM1
             cidrs:
               - "10.154.20.0/24"
           - name: SampleVM2
             cidrs:
               - "77.12.190.0/24"
+  - name: labels
+    transform: 
+      type: filter
+      filter:
+        rules: 
+          - type: add_field
+            addField: 
+              input: SrcK8S_Namespace
+              value: "virtual machines"
+          - type: add_field
+            addField: 
+              input: DstK8S_Namespace
+              value: "virtual machines"
+          - type: add_field
+            addField: 
+              input: SrcK8S_Type
+              value: "VM"
+          - type: add_field
+            addField: 
+              input: DstK8S_Type
+              value: "VM"
   - name: logs
     write:
       type: stdout
@@ -102,11 +125,9 @@ parameters:
           - SrcK8S_Namespace
           - SrcK8S_OwnerName
           - SrcK8S_Type
-          - SrcVM_Name
           - DstK8S_Namespace
           - DstK8S_OwnerName
           - DstK8S_Type
-          - DstVM_Name
           - FlowDirection
           - _RecordType
         staticLabels:

hack/ipfix-capture.md

@@ -23,11 +23,15 @@ To simulate flows, you can rely on https://github.com/nerdalert/nflow-generator
 
 Once some flows are ingested, you will see these in the console logs:
 ```
-{"AsPath":null,"BgpCommunities":null,"BgpNextHop":null,"BiFlowDirection":0,"Bytes":266,"CustomBytes_1":null,"CustomBytes_2":null,"CustomBytes_3":null,"CustomBytes_4":null,"CustomBytes_5":null,"CustomInteger_1":0,"CustomInteger_2":0,"CustomInteger_3":0,"CustomInteger_4":0,"CustomInteger_5":0,"CustomList_1":null,"DstAddr":"77.12.190.94","DstAs":64897,"DstMac":"00:00:00:00:00:00","DstNet":2,"DstPort":3306,"DstVM_Name":"SampleVM2","DstVlan":0,"EgressVrfId":0,"Etype":2048,"FlowDirection":0,"ForwardingStatus":0,"FragmentId":0,"FragmentOffset":0,"HasMpls":false,"IcmpCode":0,"IcmpType":0,"InIf":0,"IngressVrfId":0,"IpTos":0,"IpTtl":0,"Ipv6FlowLabel":0,"MplsCount":0,"MplsLabelIp":null,"MplsLastLabel":0,"MplsLastTtl":0,"Mpls_1Label":0,"Mpls_1Ttl":0,"Mpls_2Label":0,"Mpls_2Ttl":0,"Mpls_3Label":0,"Mpls_3Ttl":0,"NextHop":"lhSRAQ==","NextHopAs":0,"ObservationDomainId":0,"ObservationPointId":0,"OutIf":0,"Packets":944,"Proto":6,"SamplerAddress":"fwAAAQ==","SamplingRate":0,"SequenceNum":20362,"SrcAddr":"10.154.20.12","SrcAs":42566,"SrcMac":"00:00:00:00:00:00","SrcNet":12,"SrcPort":9010,"SrcVM_Name":"SampleVM1","SrcVlan":0,"TcpFlags":0,"TimeFlowEnd":1727959922,"TimeFlowEndMs":1727959921619,"TimeFlowStart":1727959922,"TimeFlowStartMs":1727959921518,"TimeReceived":1727959923,"Type":2,"VlanId":0,"_HashId":"e6fa4e3255330028","_RecordType":"flowLog"}
+{"AsPath":null,"BgpCommunities":null,"BgpNextHop":null,"BiFlowDirection":0,"Bytes":589,"CustomBytes_1":null,"CustomBytes_2":null,"CustomBytes_3":null,"CustomBytes_4":null,"CustomBytes_5":null,"CustomInteger_1":0,"CustomInteger_2":0,"CustomInteger_3":0,"CustomInteger_4":0,"CustomInteger_5":0,"CustomList_1":null,"DstAddr":"77.12.190.94","DstAs":42555,"DstK8S_Name":"SampleVM2","DstK8S_Namespace":"virtual machines","DstK8S_Type":"VM","DstMac":"00:00:00:00:00:00","DstNet":19,"DstPort":3306,"DstVlan":0,"EgressVrfId":0,"Etype":2048,"FlowDirection":0,"ForwardingStatus":0,"FragmentId":0,"FragmentOffset":0,"HasMpls":false,"IcmpCode":0,"IcmpType":0,"InIf":0,"IngressVrfId":0,"IpTos":0,"IpTtl":0,"Ipv6FlowLabel":0,"MplsCount":0,"MplsLabelIp":null,"MplsLastLabel":0,"MplsLastTtl":0,"Mpls_1Label":0,"Mpls_1Ttl":0,"Mpls_2Label":0,"Mpls_2Ttl":0,"Mpls_3Label":0,"Mpls_3Ttl":0,"NextHop":"lhSRAQ==","NextHopAs":0,"ObservationDomainId":0,"ObservationPointId":0,"OutIf":0,"Packets":966,"Proto":6,"SamplerAddress":"fwAAAQ==","SamplingRate":0,"SequenceNum":295173,"SrcAddr":"10.154.20.12","SrcAs":482,"SrcK8S_Name":"SampleVM1","SrcK8S_Namespace":"virtual machines","SrcK8S_Type":"VM","SrcMac":"00:00:00:00:00:00","SrcNet":8,"SrcPort":9010,"SrcVlan":0,"TcpFlags":0,"TimeFlowEnd":1727962688,"TimeFlowEndMs":1727962687709,"TimeFlowStart":1727962688,"TimeFlowStartMs":1727962687516,"TimeReceived":1727962690,"Type":2,"VlanId":0,"_HashId":"e6fa4e3255330028","_RecordType":"flowLog"}
+
 ```
 
 Once some logs are ingested, you can open the console UI using `http://localhost:9001/` and open `Netflow Traffic` page.
 
-![IPFIX capture UI](./images/ipfix-capture.png)
+![IPFIX capture UI 1](./images/ipfix-capture-1.png)
+![IPFIX capture UI 2](./images/ipfix-capture-2.png)
+![IPFIX capture UI 3](./images/ipfix-capture-3.png)
+
 
 To end the capture, press `CTRL + C` at anytime. It will destroy all the created containers.