Computes the Community ID, a standard for hashing network flows. This can be used to easily correlate and join network flows across systems.
This implements the community_id_v1
functions as described in the
Community ID
Spec. If the protocol is found to be ICMP, then icmptype and
icmpcode will be mapped to port equivalents as described by the
community_id_icmp function in the
specification.
If this function receives invalid inputs (for example, an invalid IP or a port out of range), it will assign the empty string to the output field as.
| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
as | string | optional[a] | _community_id | Name of the output field |
destinationip | string | required | Name of destination IP address field. The value must be an IPv4 or IPv6 address. | |
destinationport | integer | optional[a] | Name of the destination port field. If set, the destinationip parameter must also be set. | |
| Minimum | 0 | |||
| Maximum | 65535 | |||
icmpcode | integer | optional[a] | Name of the ICMP code field. If this parameter is set, then the icmptype parameter must also be set. | |
| Minimum | 0 | |||
| Maximum | 65535 | |||
icmptype | integer | optional[a] | Name of the ICMP type field. If this parameter is set, then the icmpcode parameter must also be set. | |
| Minimum | 0 | |||
| Maximum | 65535 | |||
proto | string | required | Name of protocol field. This field will be read directly and either interpreted directly as a IANA protocol number, or as the keyword of a protocol number from the Protocol Numbers. The value in the field must be either a protocol keyword or a number in the range 0 to 255. | |
seed | integer | optional[a] | 0 | The seed value used when computing the Community ID. |
| Minimum | 0 | |||
| Maximum | 65535 | |||
sourceip | string | required | Name of source IP address field. The value must be an IPv4 or IPv6 address. | |
sourceport | string | optional[a] | Name of the source port field. If set, the destinationip parameter must also be set. | |
| Minimum | 0 | |||
| Maximum | 65535 | |||
[a] Optional parameters use their default value unless explicitly set. | ||||
communityId() Examples
Calculates the Community ID for Netflow logs.
communityId(proto=flow.protocolIdentifier,
sourceip=flow.sourceIPv4Address,
sourceport=flow.sourceTransportPort,
destinationip=flow.destinationIPv4Address,
destinationport=flow.destinationTransportPort)