Computes the Community ID, a standard for hashing network flows. This can be used to easily correlate and join network flows across systems.

This implements the community_id_v1 functions as described in the Community ID Spec. If the protocol is found to be ICMP, then icmptype and icmpcode will be mapped to port equivalents as described by the community_id_icmp function in the specification.

If this function receives invalid inputs (for example, an invalid IP or a port out of range), it will assign the empty string to the output field as.

ParameterTypeRequiredDefault ValueDescription
asstringoptional[a]_community_id Name of the output field
destinationipstringrequired  Name of destination IP address field. The value must be an IPv4 or IPv6 address.
destinationportintegeroptional[a]  Name of the destination port field. If set, the destinationip parameter must also be set.
  Minimum0 
  Maximum65535 
icmpcodeintegeroptional[a]  Name of the ICMP code field. If this parameter is set, then the icmptype parameter must also be set.
  Minimum0 
  Maximum65535 
icmptypeintegeroptional[a]  Name of the ICMP type field. If this parameter is set, then the icmpcode parameter must also be set.
  Minimum0 
  Maximum65535 
protostringrequired  Name of protocol field. This field will be read directly and either interpreted directly as a IANA protocol number, or as the keyword of a protocol number from the Protocol Numbers. The value in the field must be either a protocol keyword or a number in the range 0 to 255.
seedintegeroptional[a]0 The seed value used when computing the Community ID.
  Minimum0 
  Maximum65535 
sourceipstringrequired  Name of source IP address field. The value must be an IPv4 or IPv6 address.
sourceportstringoptional[a]  Name of the source port field. If set, the destinationip parameter must also be set.
  Minimum0 
  Maximum65535 

[a] Optional parameters use their default value unless explicitly set.

communityId() Examples

Calculates the Community ID for Netflow logs.

logscale
communityId(proto=flow.protocolIdentifier,
     sourceip=flow.sourceIPv4Address,
     sourceport=flow.sourceTransportPort,
     destinationip=flow.destinationIPv4Address,
     destinationport=flow.destinationTransportPort)