Netflow Receiver
Available in: contrib
Maintainers: @evan-bradley, @dlopes7
Source: opentelemetry-collector-contrib
Supported Telemetry
Overview
This receiver gives OpenTelemetry users the capability of monitoring network traffic, and answer questions like:- Which protocols are passing through the network?
- Which servers and clients are producing the highest amount of traffic?
- What ports are involved in these network calls?
- How many bytes and packets are being sent and received?
Getting started
By default the receiver will listen for ipfix and netflow on port2055. The receiver can be configured to listen on different ports and protocols.
Example configuration:
sending_queue::batch option to reduce the number of log requests being sent by the exporter. The batch option will batch log records together and send them in a single request to the exporter.
You would then configure your network devices to send netflow, sflow, or ipfix data to the Collector on the specified ports.
Configuration
| Field | Description | Examples | Default |
|---|---|---|---|
| scheme | The type of flow data that to receive | sflow, netflow | netflow |
| hostname | The hostname or IP address to bind to | localhost | 0.0.0.0 |
| port | The port to bind to | 2055 or 6343 | 2055 |
| sockets | The number of sockets to use | 1 | 1 |
| workers | The number of workers used to decode incoming flow messages | 2 | 2 |
| queue_size | The size of the incoming netflow packets queue, it will always be at least 1000. | 5000 | 1000 |
| send_raw | Whether to send raw flow messages instead of parsing them | true, false | false |
send_raw is set to true, the receiver will:
- Skip parsing the netflow/sflow messages
- Send the raw message as the log body
Data format
The netflow data is standardized for the different schemas and is converted to OpenTelemetry log records following the semantic conventions The log record will have the following attributes (with examples):- source.address: Str(132.189.238.100)
- source.port: Int(1255)
- destination.address: Str(241.171.33.110)
- destination.port: Int(64744)
- network.transport: Str(tcp)
- network.type: Str(ipv4)
- flow.io.bytes: Int(853)
- flow.io.packets: Int(83)
- flow.type: Str(netflow_v5)
- flow.sequence_num: Int(191)
- flow.time_received: Int(1736309689918929427)
- flow.start: Int(1736309689830846400)
- flow.end: Int(1736309689871846400)
- flow.sampling_rate: Int(0)
- flow.sampler_address: Str(172.28.176.1)
- flow.tcp_flags: Int(0)
- Observed timestamp: The time the flow was received.
- Timestamp: The flow
startfield.
Schema support
netflow
- Process Template Records if present
- Process Netflow V5, V9, and IPFIX messages
- Extract the attributes documented above
- Mapping of custom fields is not yet supported
sflow
- Process sFlow version 5 datagrams
flow_sampleandflow_sample_expandedare supported.counter_sampleandcounter_sample_expandedare NOT yet supported.- Mapping of custom fields is not yet supported
Configuration
Example Configuration
Last generated: 2026-04-13