Gigamon Pack

This is a Gigamon pack that ingests and structures log data for easier interpretation, uses Gigamon AMX as source

  3 minute read  

Edge Delta Pipeline Pack for Gigamon

Overview

The Edge Delta Gigamon pack processes logs by extracting JSON fields, transforming data, and ensuring parsed logs are output correctly while managing unprocessable logs separately.

Pack Description

1. Data Ingestion

The data flow begins with the compound_input as the entry point into the pack where all log data starts its processing journey.

2. JSON Field Extraction

Logs are processed by the split_json_array node, which is an Extract JSON Field node. This node extracts elements of a JSON array at the root of the log by specifying [ * ] as the field path.

- name: split_json_array
  type: extract_json_field
  field_path: "[*]"

Logs that fail extraction flow to other_logs. Successful extractions advance to transform for JSON parsing and further transformation.

3. Data Transformation

The transformed logs are processed by the transform node, which is an OTTL Transform node. This employs OTTL (Observability Telemetry Transformation Language) statements to parse and transform JSON-formatted logs.

- name: transform
  type: ottl_transform
  statements: |-
// Decode body
set(cache["parsed_body"], Decode(body, "utf-8"))
// Parse body as JSON
set(attributes["fields"], ParseJSON(cache["parsed_body"]))

  • The statement set(cache["parsed_body"], Decode(body, "utf-8")) decodes the content of body using UTF-8 encoding and stores the result in the cache under the key parsed_body. See Working with the Body and Working with a Cache.

  • The next statement set(attributes["fields"], ParseJSON(cache["parsed_body"])) takes the decoded string stored in cache["parsed_body"] and parses it as JSON. The result is then stored in attributes under the key fields. The ParseJSON function attempts to interpret the input string as a JSON formatted string and returns it as a pcommon.Map or pcommon.Slice which represents either a JSON object or array.

Transformed logs are routed to parsed_logs, whereas those failing at this stage are again sent to other_logs.

4. Output Logging

  1. Parsed Logs: After transformation, logs are sent to the parsed_logs node, a compound_output node that routes well-processed logs out of the pack for further processing.
  2. Other Logs: Paths leading to failure are captured by other_logs, another compound_output node, to manage and look into logs that could not be processed.

Sample Input

[{"app_id":"15","app_name":"dpi","device_inbound_interface":"2","dst_bytes":"183179","dst_ip":"149.22.92.251","dst_mac":"db:fc:d1:65:61:f5","dst_packets":"65","dst_port":"63897","egress_intf_id":"5","end_reason":"4","end_time":"2025:01:09 12:22:36.092","generator":"gs_apps_app_db7361ad-9f91-4a04-9f6b-ae8bbf462462","id":"56795411825564451","intf_name":"eth15","ip_version":"4","protocol":"36","seq_num":"332","src_bytes":"796494","src_ip":"142.143.22.145","src_mac":"e0:0d:77:b4:a5:83","src_packets":"234","src_port":"60664","start_time":"2025:01:09 12:22:36.092","sys_up_time_first":"5792238243578626912","sys_up_time_last":"8786253779304884086","ts":"Thu Jan 9 12:22:36 2025","vendor":"Gigamon","version":"2.2.46"},{"app_id":"23","app_name":"dns","device_inbound_interface":"5","dst_bytes":"876778","dst_ip":"26.70.111.185","dst_mac":"fb:6a:eb:a5:78:3c","dst_packets":"24","dst_port":"29672","egress_intf_id":"7","end_reason":"16","end_time":"2025:01:09 12:22:36.3","generator":"gs_apps_app_9da47499-5cab-4b7f-aea8-7c73445fc672","id":"188000781407099498","intf_name":"eth13","ip_version":"4","protocol":"12","seq_num":"403","src_bytes":"419566","src_ip":"119.23.79.83","src_mac":"0b:0c:19:64:fd:45","src_packets":"192","src_port":"13986","start_time":"2025:01:09 12:22:36.3","sys_up_time_first":"3224467176159601853","sys_up_time_last":"6109489967927425352","ts":"Thu Jan 9 12:22:36 2025","vendor":"Gigamon","version":"1.20.9"},{"app_id":"28","app_name":"firewall","device_inbound_interface":"1","dst_bytes":"407526","dst_ip":"189.138.64.222","dst_mac":"8d:89:ae:3c:83:d9","dst_packets":"168","dst_port":"47419","egress_intf_id":"3","end_reason":"7","end_time":"2025:01:09 12:22:36.587","generator":"gs_apps_app_992328d3-49b9-4b78-bdb0-02d1d897961e","id":"4723780238244433334","intf_name":"eth13","ip_version":"4","protocol":"7","seq_num":"476","src_bytes":"299053","src_ip":"155.157.94.75","src_mac":"67:80:ce:8b:f9:00","src_packets":"202","src_port":"39834","start_time":"2025:01:09 12:22:36.587","sys_up_time_first":"4057179514592685267","sys_up_time_last":"4249858535268616201","ts":"Thu Jan 9 12:22:36 2025","vendor":"Gigamon","version":"2.7.27"},{"app_id":"39","app_name":"dns","device_inbound_interface":"8","dst_bytes":"403072","dst_ip":"496f:1e59:a60d:9ba4:8ed7:50a:b4e1:5fc5","dst_mac":"88:2f:d6:ac:b6:c8","dst_packets":"56","dst_port":"8814","egress_intf_id":"2","end_reason":"15","end_time":"2025:01:09 12:22:36.448","generator":"gs_apps_app_5f527518-4fa6-4d0a-877e-5b270acbedf5","id":"1349054132787197923","intf_name":"eth4","ip_version":"6","protocol":"11","seq_num":"186","src_bytes":"74322","src_ip":"f061:6756:57c1:3e6f:6702:148e:f37a:9ad7","src_mac":"e3:81:d0:d1:b8:48","src_packets":"3","src_port":"37440","start_time":"2025:01:09 12:22:36.448","sys_up_time_first":"2512489844493777097","sys_up_time_last":"8139392173697113002","ts":"Thu Jan 9 12:22:36 2025","vendor":"Gigamon","version":"6.14.69"},{"app_id":"32","app_name":"dns","device_inbound_interface":"1","dst_bytes":"672145","dst_ip":"28.169.240.231","dst_mac":"63:19:b3:dc:58:de","dst_packets":"52","dst_port":"30361","egress_intf_id":"8","end_reason":"16","end_time":"2025:01:09 12:22:36.599","generator":"gs_apps_app_98944c36-8b4d-4b3b-b274-74ec7daa8bd4","id":"6207211767440869044","intf_name":"eth8","ip_version":"4","protocol":"6","seq_num":"896","src_bytes":"337355","src_ip":"57.211.169.96","src_mac":"f2:d9:a3:85:44:f9","src_packets":"50","src_port":"18716","start_time":"2025:01:09 12:22:36.599","sys_up_time_first":"2232126536779531010","sys_up_time_last":"5538866507121203535","ts":"Thu Jan 9 12:22:36 2025","vendor":"Gigamon","version":"3.14.36"},{"app_id":"41","app_name":"firewall","device_inbound_interface":"8","dst_bytes":"924966","dst_ip":"179.104.106.90","dst_mac":"30:6c:da:5a:3c:13","dst_packets":"61","dst_port":"1004","egress_intf_id":"2","end_reason":"2","end_time":"2025:01:09 12:22:36.651","generator":"gs_apps_app_14e5c0ce-469b-4a9a-b296-efc6159ce9ca","id":"3828832968591484166","intf_name":"eth9","ip_version":"4","protocol":"36","seq_num":"859","src_bytes":"391240","src_ip":"108.233.46.28","src_mac":"7c:9e:1e:95:1d:3f","src_packets":"220","src_port":"36827","start_time":"2025:01:09 12:22:36.651","sys_up_time_first":"6647878103515427782","sys_up_time_last":"8550448842706324869","ts":"Thu Jan 9 12:22:36 2025","vendor":"Gigamon","version":"1.20.22"},{"app_id":"20","app_name":"dns","device_inbound_interface":"4","dst_bytes":"473269","dst_ip":"215.27.249.105","dst_mac":"4d:69:f0:9c:90:8f","dst_packets":"11","dst_port":"50709","egress_intf_id":"4","end_reason":"5","end_time":"2025:01:09 12:22:36.401","generator":"gs_apps_app_5953e97d-0531-48a0-bee0-238a983939ae","id":"4777606551710286147","intf_name":"eth6","ip_version":"4","protocol":"101","seq_num":"331","src_bytes":"217543","src_ip":"201.112.252.27","src_mac":"15:60:df:34:51:19","src_packets":"104","src_port":"41139","start_time":"2025:01:09 12:22:36.401","sys_up_time_first":"3423636245206273161","sys_up_time_last":"3442681286156153160","ts":"Thu Jan 9 12:22:36 2025","vendor":"Gigamon","version":"4.17.73"},{"app_id":"19","app_name":"dpi","device_inbound_interface":"8","dst_bytes":"201646","dst_ip":"49.53.152.193","dst_mac":"60:81:89:66:31:92","dst_packets":"205","dst_port":"31858","egress_intf_id":"7","end_reason":"5","end_time":"2025:01:09 12:22:36.447","generator":"gs_apps_app_24121d8d-cf0f-4c66-881e-54e91b1cde34","id":"3583599672781976563","intf_name":"eth5","ip_version":"4","protocol":"100","seq_num":"300","src_bytes":"8209","src_ip":"137.232.177.9","src_mac":"ef:61:c8:90:25:b6","src_packets":"227","src_port":"1458","start_time":"2025:01:09 12:22:36.447","sys_up_time_first":"4320810823796827735","sys_up_time_last":"8373393961969045820","ts":"Thu Jan 9 12:22:36 2025","vendor":"Gigamon","version":"5.2.90"},{"app_id":"20","app_name":"dns","device_inbound_interface":"1","dst_bytes":"386302","dst_ip":"47.61.43.128","dst_mac":"8e:4a:d0:f6:58:73","dst_packets":"116","dst_port":"58374","egress_intf_id":"2","end_reason":"1","end_time":"2025:01:09 12:22:36.325","generator":"gs_apps_app_684fb605-25b4-40a7-8bf6-666875f6e859","id":"8871582896627967840","intf_name":"eth13","ip_version":"4","protocol":"91","seq_num":"612","src_bytes":"727947","src_ip":"77.147.220.187","src_mac":"14:45:b5:8d:4f:a2","src_packets":"30","src_port":"82","start_time":"2025:01:09 12:22:36.325","sys_up_time_first":"7524683814654264728","sys_up_time_last":"7959648055674686280","ts":"Thu Jan 9 12:22:36 2025","vendor":"Gigamon","version":"6.19.26"}]

[{"app_id":"41","app_name":"content-filter","device_inbound_interface":"4","dst_bytes":"625441","dst_ip":"c444:d4b0:29d6:c0b5:4a89:e5f5:adef:88f0","dst_mac":"d3:d1:16:91:3e:5e","dst_packets":"243","dst_port":"5278","egress_intf_id":"3","end_reason":"5","end_time":"2025:01:09 12:22:35.092","generator":"gs_apps_app_9a6b8fab-cc01-4cc7-8a69-91a099d0f35b","id":"3345220112762442952","intf_name":"eth8","ip_version":"6","protocol":"78","seq_num":"735","src_bytes":"590774","src_ip":"8956:35d4:c783:1a80:8a26:52d8:90e0:6049","src_mac":"d2:c7:24:c0:c3:62","src_packets":"55","src_port":"18320","start_time":"2025:01:09 12:22:35.092","sys_up_time_first":"59644632300159795","sys_up_time_last":"8438599842885162320","ts":"Thu Jan 9 12:22:35 2025","vendor":"Gigamon","version":"2.12.32"},{"app_id":"54","app_name":"firewall","device_inbound_interface":"2","dst_bytes":"414011","dst_ip":"8d87:587e:e803:58d2:1707:a83f:3a6c:f52","dst_mac":"b1:e6:a6:c9:7a:35","dst_packets":"23","dst_port":"23239","egress_intf_id":"6","end_reason":"2","end_time":"2025:01:09 12:22:35.75","generator":"gs_apps_app_1064426f-2532-4914-867e-63a73bb54ff2","id":"5484548142669337340","intf_name":"eth11","ip_version":"6","protocol":"67","seq_num":"360","src_bytes":"598227","src_ip":"a440:835f:ebbb:e4a1:f369:38e1:e622:436e","src_mac":"3a:33:e9:7f:87:0c","src_packets":"114","src_port":"56391","start_time":"2025:01:09 12:22:35.75","sys_up_time_first":"4027413898797367451","sys_up_time_last":"6886298748195036006","ts":"Thu Jan 9 12:22:35 2025","vendor":"Gigamon","version":"1.13.2"},{"app_id":"37","app_name":"dpi","device_inbound_interface":"4","dst_bytes":"189205","dst_ip":"149.20.153.50","dst_mac":"12:ad:16:cf:d1:26","dst_packets":"136","dst_port":"49619","egress_intf_id":"1","end_reason":"9","end_time":"2025:01:09 12:22:35.134","generator":"gs_apps_app_26dc1332-97f7-4a8a-aae4-c333fc7a07fd","id":"4022987272734528423","intf_name":"eth7","ip_version":"4","protocol":"23","seq_num":"377","src_bytes":"157366","src_ip":"13.160.240.233","src_mac":"83:c9:e8:0c:d6:4c","src_packets":"163","src_port":"15124","start_time":"2025:01:09 12:22:35.134","sys_up_time_first":"845137622999725037","sys_up_time_last":"7412660570090530534","ts":"Thu Jan 9 12:22:35 2025","vendor":"Gigamon","version":"3.18.53"},{"app_id":"25","app_name":"dns","device_inbound_interface":"6","dst_bytes":"770869","dst_ip":"218.72.142.1","dst_mac":"78:56:ac:8e:b6:60","dst_packets":"249","dst_port":"14638","egress_intf_id":"2","end_reason":"15","end_time":"2025:01:09 12:22:35.245","generator":"gs_apps_app_eb66bf18-6fa3-4693-b47b-f6feddc6b57f","id":"931478140562422652","intf_name":"eth12","ip_version":"4","protocol":"67","seq_num":"148","src_bytes":"486509","src_ip":"247.222.211.59","src_mac":"2c:58:42:5b:f6:9e","src_packets":"7","src_port":"33432","start_time":"2025:01:09 12:22:35.245","sys_up_time_first":"6840532282827393548","sys_up_time_last":"7863001541772066222","ts":"Thu Jan 9 12:22:35 2025","vendor":"Gigamon","version":"2.20.73"},{"app_id":"22","app_name":"firewall","device_inbound_interface":"3","dst_bytes":"4736","dst_ip":"17.98.148.140","dst_mac":"a2:a3:c3:ed:96:97","dst_packets":"46","dst_port":"47079","egress_intf_id":"4","end_reason":"2","end_time":"2025:01:09 12:22:35.844","generator":"gs_apps_app_a01ca289-f6bd-49cc-b1c1-55e4448237aa","id":"7596364994037478695","intf_name":"eth6","ip_version":"4","protocol":"13","seq_num":"979","src_bytes":"894969","src_ip":"1.41.100.34","src_mac":"13:51:c2:e0:f5:1d","src_packets":"138","src_port":"46841","start_time":"2025:01:09 12:22:35.844","sys_up_time_first":"390767614430966099","sys_up_time_last":"3451527193918315400","ts":"Thu Jan 9 12:22:35 2025","vendor":"Gigamon","version":"4.19.78"},{"app_id":"60","app_name":"dpi","device_inbound_interface":"3","dst_bytes":"998872","dst_ip":"5d45:b6fe:a10e:72bb:5594:6e5f:3a1a:f711","dst_mac":"97:5c:57:ac:9a:83","dst_packets":"184","dst_port":"19282","egress_intf_id":"3","end_reason":"9","end_time":"2025:01:09 12:22:35.898","generator":"gs_apps_app_991c1abd-647f-4883-ba31-4f4758b8b2b6","id":"514615932374341984","intf_name":"eth14","ip_version":"6","protocol":"71","seq_num":"435","src_bytes":"977837","src_ip":"8435:449:d95:cfe0:a271:a813:dc75:e92a","src_mac":"22:77:20:ae:26:c7","src_packets":"41","src_port":"38876","start_time":"2025:01:09 12:22:35.898","sys_up_time_first":"3826157399680265147","sys_up_time_last":"7059954163590649423","ts":"Thu Jan 9 12:22:35 2025","vendor":"Gigamon","version":"6.12.60"},{"app_id":"13","app_name":"firewall","device_inbound_interface":"1","dst_bytes":"953895","dst_ip":"30.81.92.168","dst_mac":"25:fb:ce:f2:bf:22","dst_packets":"136","dst_port":"14943","egress_intf_id":"4","end_reason":"16","end_time":"2025:01:09 12:22:35.125","generator":"gs_apps_app_760a36c2-7815-4d97-9819-6030cf731c61","id":"2922144029570679735","intf_name":"eth11","ip_version":"4","protocol":"86","seq_num":"466","src_bytes":"356961","src_ip":"164.167.141.85","src_mac":"c6:0f:37:03:6e:3c","src_packets":"172","src_port":"2244","start_time":"2025:01:09 12:22:35.125","sys_up_time_first":"6816097415319695237","sys_up_time_last":"8189280487529970382","ts":"Thu Jan 9 12:22:35 2025","vendor":"Gigamon","version":"4.10.48"},{"app_id":"39","app_name":"dpi","device_inbound_interface":"1","dst_bytes":"139292","dst_ip":"124.112.220.206","dst_mac":"6d:27:ec:b4:96:b3","dst_packets":"129","dst_port":"7375","egress_intf_id":"3","end_reason":"12","end_time":"2025:01:09 12:22:35.757","generator":"gs_apps_app_b5e382f1-3b0b-4f1e-905d-2b0e435e8be6","id":"1326920640093868885","intf_name":"eth1","ip_version":"4","protocol":"100","seq_num":"309","src_bytes":"713118","src_ip":"107.36.156.65","src_mac":"76:69:56:c8:a3:57","src_packets":"65","src_port":"25410","start_time":"2025:01:09 12:22:35.757","sys_up_time_first":"2523546150919012160","sys_up_time_last":"7418849527939503003","ts":"Thu Jan 9 12:22:35 2025","vendor":"Gigamon","version":"6.18.37"},{"app_id":"32","app_name":"dpi","device_inbound_interface":"4","dst_bytes":"264499","dst_ip":"54.11.133.29","dst_mac":"01:a8:e1:1f:fd:ee","dst_packets":"103","dst_port":"5637","egress_intf_id":"5","end_reason":"10","end_time":"2025:01:09 12:22:35.646","generator":"gs_apps_app_4bc35a52-093e-405f-be68-3491128ebe73","id":"5090680030650979026","intf_name":"eth10","ip_version":"4","protocol":"57","seq_num":"1016","src_bytes":"629833","src_ip":"10.214.46.144","src_mac":"1c:30:21:02:3c:65","src_packets":"136","src_port":"13735","start_time":"2025:01:09 12:22:35.646","sys_up_time_first":"3957589781647198196","sys_up_time_last":"8566916703043661673","ts":"Thu Jan 9 12:22:35 2025","vendor":"Gigamon","version":"3.17.9"}]

[{"app_id":"34","app_name":"content-filter","device_inbound_interface":"2","dst_bytes":"449410","dst_ip":"107.81.207.36","dst_mac":"50:9f:ed:8c:3e:6e","dst_packets":"238","dst_port":"46494","egress_intf_id":"6","end_reason":"9","end_time":"2025:01:09 12:22:34.092","generator":"gs_apps_app_d999b099-e9d5-47ad-8fd6-f9231039a625","id":"6801706991714793716","intf_name":"eth10","ip_version":"4","protocol":"18","seq_num":"353","src_bytes":"666111","src_ip":"13.46.163.225","src_mac":"3c:30:a6:98:f5:58","src_packets":"195","src_port":"32697","start_time":"2025:01:09 12:22:34.092","sys_up_time_first":"5537154591884638361","sys_up_time_last":"7526348935216530211","ts":"Thu Jan 9 12:22:34 2025","vendor":"Gigamon","version":"1.16.4"},{"app_id":"49","app_name":"dns","device_inbound_interface":"4","dst_bytes":"931280","dst_ip":"2df3:d547:80ec:3221:65ca:3539:c79b:620f","dst_mac":"2f:29:c1:b4:cc:50","dst_packets":"12","dst_port":"52382","egress_intf_id":"4","end_reason":"12","end_time":"2025:01:09 12:22:34.551","generator":"gs_apps_app_8b03c1b1-dd27-4590-8dcd-964c9750febb","id":"1307027681649438100","intf_name":"eth11","ip_version":"6","protocol":"63","seq_num":"478","src_bytes":"143496","src_ip":"77d3:4545:4509:a7a8:c951:f48d:93a0:bca7","src_mac":"77:82:7d:42:2b:b6","src_packets":"138","src_port":"16086","start_time":"2025:01:09 12:22:34.551","sys_up_time_first":"728254121997303391","sys_up_time_last":"2675305923657157691","ts":"Thu Jan 9 12:22:34 2025","vendor":"Gigamon","version":"2.15.31"},{"app_id":"6","app_name":"dns","device_inbound_interface":"3","dst_bytes":"465132","dst_ip":"67ab:2bd8:a347:aa3c:5a14:fe88:8fc7:5bdb","dst_mac":"da:01:58:54:47:7f","dst_packets":"253","dst_port":"43581","egress_intf_id":"8","end_reason":"1","end_time":"2025:01:09 12:22:35.016","generator":"gs_apps_app_9790173c-9eef-43d1-b46f-9b22863f0539","id":"1468163179909362653","intf_name":"eth7","ip_version":"6","protocol":"41","seq_num":"839","src_bytes":"139857","src_ip":"8720:694e:8c7d:8dd4:9e89:7de4:85dd:b96d","src_mac":"98:f5:6b:14:80:ab","src_packets":"29","src_port":"5055","start_time":"2025:01:09 12:22:35.016","sys_up_time_first":"3267034159118025849","sys_up_time_last":"3792721147604441685","ts":"Thu Jan 9 12:22:35 2025","vendor":"Gigamon","version":"5.7.38"},{"app_id":"38","app_name":"dpi","device_inbound_interface":"5","dst_bytes":"960825","dst_ip":"dd86:49d2:e574:b889:48e1:c93f:66c8:a186","dst_mac":"34:85:83:2c:0b:33","dst_packets":"179","dst_port":"18069","egress_intf_id":"2","end_reason":"1","end_time":"2025:01:09 12:22:34.633","generator":"gs_apps_app_1c89c986-bded-4998-bad7-738185304aa8","id":"5202955093220685348","intf_name":"eth3","ip_version":"6","protocol":"87","seq_num":"203","src_bytes":"143194","src_ip":"a66d:d2e4:d3b0:d371:6510:e72b:732c:a724","src_mac":"e5:7e:ae:1b:da:4e","src_packets":"110","src_port":"6900","start_time":"2025:01:09 12:22:34.633","sys_up_time_first":"148224541336444770","sys_up_time_last":"3769449511602436075","ts":"Thu Jan 9 12:22:34 2025","vendor":"Gigamon","version":"3.9.33"},{"app_id":"24","app_name":"content-filter","device_inbound_interface":"3","dst_bytes":"198410","dst_ip":"130.61.173.172","dst_mac":"e2:9c:b8:a3:d9:54","dst_packets":"26","dst_port":"17037","egress_intf_id":"6","end_reason":"4","end_time":"2025:01:09 12:22:34.299","generator":"gs_apps_app_d11b6392-b0ea-46f6-b320-279556fe482e","id":"2248969866446176095","intf_name":"eth5","ip_version":"4","protocol":"67","seq_num":"345","src_bytes":"908102","src_ip":"54.25.231.185","src_mac":"f1:c5:3c:fd:c5:61","src_packets":"140","src_port":"33381","start_time":"2025:01:09 12:22:34.299","sys_up_time_first":"2578677786243291464","sys_up_time_last":"4771932825061910070","ts":"Thu Jan 9 12:22:34 2025","vendor":"Gigamon","version":"5.12.15"},{"app_id":"6","app_name":"content-filter","device_inbound_interface":"8","dst_bytes":"309289","dst_ip":"114.163.33.197","dst_mac":"31:6a:c3:75:7a:33","dst_packets":"13","dst_port":"55201","egress_intf_id":"2","end_reason":"13","end_time":"2025:01:09 12:22:34.446","generator":"gs_apps_app_22576787-32ac-4b5e-a524-c3c751b1dc75","id":"5566015925231396458","intf_name":"eth13","ip_version":"4","protocol":"86","seq_num":"847","src_bytes":"532539","src_ip":"213.227.97.96","src_mac":"e5:8c:db:ad:61:22","src_packets":"180","src_port":"2462","start_time":"2025:01:09 12:22:34.446","sys_up_time_first":"5459721243789070935","sys_up_time_last":"8047423005439783505","ts":"Thu Jan 9 12:22:34 2025","vendor":"Gigamon","version":"1.5.12"},{"app_id":"20","app_name":"firewall","device_inbound_interface":"1","dst_bytes":"551988","dst_ip":"118a:c3b0:10ec:ac0f:12cc:dc2a:1eff:d6a1","dst_mac":"fa:cc:8f:f1:47:6e","dst_packets":"214","dst_port":"44548","egress_intf_id":"4","end_reason":"6","end_time":"2025:01:09 12:22:34.377","generator":"gs_apps_app_6f93dfb7-ebf2-41d1-86e6-57e22dada840","id":"447617703190891175","intf_name":"eth11","ip_version":"6","protocol":"38","seq_num":"795","src_bytes":"376994","src_ip":"a98a:507c:4a49:e55f:a037:55fe:2d6c:4474","src_mac":"7e:62:a3:e9:44:b8","src_packets":"172","src_port":"57161","start_time":"2025:01:09 12:22:34.377","sys_up_time_first":"8573926234496799809","sys_up_time_last":"8917822762535978593","ts":"Thu Jan 9 12:22:34 2025","vendor":"Gigamon","version":"5.5.80"}]

[{"app_id":"44","app_name":"dpi","device_inbound_interface":"8","dst_bytes":"422806","dst_ip":"61.40.119.243","dst_mac":"05:b4:57:a3:99:08","dst_packets":"164","dst_port":"2353","egress_intf_id":"7","end_reason":"1","end_time":"2025:01:09 12:22:33.092","generator":"gs_apps_app_2d4ed092-4d8f-420c-ab80-7f8557d99847","id":"1531430744998062578","intf_name":"eth16","ip_version":"4","protocol":"77","seq_num":"366","src_bytes":"380192","src_ip":"84.108.125.3","src_mac":"dc:10:db:34:0b:fa","src_packets":"132","src_port":"8767","start_time":"2025:01:09 12:22:33.092","sys_up_time_first":"7997511474323902019","sys_up_time_last":"8043823148859209025","ts":"Thu Jan 9 12:22:33 2025","vendor":"Gigamon","version":"1.0.34"},{"app_id":"9","app_name":"dns","device_inbound_interface":"4","dst_bytes":"748560","dst_ip":"212.25.40.29","dst_mac":"80:ee:b1:2e:1a:30","dst_packets":"56","dst_port":"55053","egress_intf_id":"6","end_reason":"15","end_time":"2025:01:09 12:22:33.767","generator":"gs_apps_app_03a26b80-4051-4feb-9f66-331728c27fc5","id":"261024580481547686","intf_name":"eth7","ip_version":"4","protocol":"58","seq_num":"798","src_bytes":"130467","src_ip":"250.61.248.146","src_mac":"1c:3a:9b:ec:5e:44","src_packets":"33","src_port":"36423","start_time":"2025:01:09 12:22:33.767","sys_up_time_first":"2965495184713561415","sys_up_time_last":"5437920130076891633","ts":"Thu Jan 9 12:22:33 2025","vendor":"Gigamon","version":"5.14.90"}]