schema: AWS.TransitGatewayFlow
parser:
  native:
    name: AWS.TransitGatewayFlow
description: TransitGatewayFlow logs enable you to capture information about the IP traffic going to and from your transit gateways.
referenceURL: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-flow-logs.html
fields:
  - name: version
    description: The Transit Gateway Flow Logs version. If you use the default format, the version is 2.
    type: bigint
  - name: resourceType
    description: Where the subscription was created, either TransitGateway or TransitGatewayAttachment.
    type: string
  - name: accountId
    description: The AWS account ID owner of the transit gateway.
    type: string
    indicators:
      - aws_account_id
  - name: tgwId
    required: true
    description: The ID of the transit gateway for which traffic is being recorded.
    type: string
  - name: tgwAttachmentId
    description: The ID of the transit gateway attachment for which traffic is being recorded.
    type: string
  - name: tgwPairAttachmentId
    description: Depending on the flow direction, this is either the egress or ingress attachment ID of the flow.
    type: string
  - name: protocol
    description: The IANA protocol number of the traffic.
    type: bigint
  - name: packets
    description: The number of packets transferred during the flow.
    type: bigint
  - name: bytes
    description: The number of bytes transferred during the flow.
    type: bigint
  - name: start
    required: true
    description: The time of the start of the flow (UTC).
    type: timestamp
    timeFormats:
      - unix
    isEventTime: true
  - name: end
    description: The time of the end of the flow (UTC).
    type: timestamp
    timeFormats:
      - unix
  - name: logStatus
    description: 'The logging status of the flow log. OK: Data is logging normally to the chosen destinations. NODATA: There was no network traffic to or from the network interface during the aggregation interval. SKIPDATA: Some flow log records were skipped during the aggregation interval. This might be because of an internal capacity constraint, or an internal error.'
    type: string
  - name: type
    description: 'The type of traffic: IPv4, IPv6, or EFA.'
    type: string
  - name: packetsLostNoRoute
    description: The packets lost due to no route being specified.
    type: bigint
  - name: packetsLostBlackhole
    description: The packets lost due to a black hole.
    type: bigint
  - name: packetsLostMtuExceeded
    description: The packets lost due to the size exceeding the MTU.
    type: bigint
  - name: packetsLostTtlExpired
    description: The packets lost due to the expiration of time-to-live.
    type: bigint
  - name: tcpFlags
    description: 'The bitmask value for the following TCP flags: FIN: 1, SYN: 2, RST: 4, PSH: 8, ACK: 16, SYN-ACK: 18, URG: 32. When a flow log entry consists of only ACK packets, the flag value is 0, not 16. TCP flags can be OR-ed during the aggregation interval. For short connections, the flags might be set on the same line in the flow log record, for example, 19 for SYN-ACK and FIN, and 3 for SYN and FIN.'
    type: bigint
  - name: region
    description: The Region that contains the transit gateway where traffic is recorded.
    type: string
  - name: flowDirection
    description: 'The direction of the flow with respect to the interface where traffic is captured. The possible values are: ingress | egress.'
    type: string
  - name: tgwSrcVpcAccountId
    description: The AWS account ID for the source VPC traffic.
    type: string
    indicators:
      - aws_account_id
  - name: tgwSrcVpcId
    description: The ID of the source VPC for the transit gateway
    type: string
  - name: tgwSrcSubnetId
    description: The ID of the subnet for the transit gateway source traffic.
    type: string
  - name: tgwSrcEni
    description: The ID of the source transit gateway attachment ENI for the flow.
    type: string
  - name: tgwSrcAzId
    description: The ID of the Availability Zone that contains the source transit gateway for which traffic is recorded. If the traffic is from a sublocation, the record displays a '-' symbol for this field.
    type: string
  - name: srcAddr
    description: The source address for incoming traffic, or the IPv4 or IPv6 address of the transit gateway for outgoing traffic on the transit gateway. The IPv4 address of the transit gateway is always its private IPv4 address.
    type: string
    indicators:
      - ip
  - name: srcPort
    description: The source port of the traffic.
    type: bigint
  - name: pktSrcAwsService
    description: 'The name of the subset of IP address ranges for the srcaddr if the source IP address is for an AWS service. The possible values are: AMAZON | AMAZON_APPFLOW | AMAZON_CONNECT | API_GATEWAY | CHIME_MEETINGS | CHIME_VOICECONNECTOR | CLOUD9 | CLOUDFRONT | CODEBUILD | DYNAMODB | EBS | EC2 | EC2_INSTANCE_CONNECT | GLOBALACCELERATOR | KINESIS_VIDEO_STREAMS | ROUTE53 | ROUTE53_HEALTHCHECKS | ROUTE53_HEALTHCHECKS_PUBLISHING | ROUTE53_RESOLVER | S3 | WORKSPACES_GATEWAYS.'
    type: string
  - name: tgwDstVpcAccountId
    description: The AWS account ID for the destination VPC traffic.
    type: string
    indicators:
      - aws_account_id
  - name: tgwDstVpcId
    description: The ID of the destination VPC for the transit gateway.
    type: string
  - name: tgwDstSubnetId
    description: The ID of the subnet for the transit gateway destination traffic.
    type: string
  - name: tgwDstEni
    description: The ID of the destination transit gateway attachment ENI for the flow.
    type: string
  - name: tgwDstAzId
    description: The ID of the Availability Zone that contains the destination transit gateway for which traffic is recorded.
    type: string
  - name: dstAddr
    description: The destination address for outgoing traffic, or the IPv4 or IPv6 address of the transit gateway for incoming traffic on the transit gateway. The IPv4 address of the transit gateway is always its private IPv4 address.
    type: string
    indicators:
      - ip
  - name: dstPort
    description: The destination port of the traffic.
    type: bigint
  - name: pktDstAwsService
    description: 'The name of the subset of IP address ranges for the dstaddr field, if the destination IP address is for an AWS service. The possible values are: AMAZON | AMAZON_APPFLOW | AMAZON_CONNECT | API_GATEWAY | CHIME_MEETINGS | CHIME_VOICECONNECTOR | CLOUD9 | CLOUDFRONT | CODEBUILD | DYNAMODB | EBS | EC2 | EC2_INSTANCE_CONNECT | GLOBALACCELERATOR | KINESIS_VIDEO_STREAMS | ROUTE53 | ROUTE53_HEALTHCHECKS | ROUTE53_HEALTHCHECKS_PUBLISHING | ROUTE53_RESOLVER | S3 | WORKSPACES_GATEWAYS.'
    type: string