Set up your network devices so they send network data to New Relic.
Prerequisites and supported types of network flow data
New Relic prerequisites
- A New Relic account. Don't have one? Sign up for free! No credit card required.
- A New Relic account ID.
- A New Relic .
Linux host prerequisites
If you're using linux:
- SSH access to the host
- Access to install/remove applications and services
- Network access as defined in the network prerequisites
If you're using docker:
- Docker installed in a Linux host
- Ability to launch new containers via command line
Network flow data devices prerequisites
- Configured network devices to send flow data to the host running the ktranslate docker container. Here's how to configure network flow data collection in some devices:
- NetFlow data
- sFlow data
- jFlow data
Network security prerequisites
Check the network security prerequisites for network flow.
Supported types of network flow data
Network flow monitoring supports the four primary types of network flow data and their derivatives. When running the ktranslate container, you will specify which major type you want to monitor using the
The ktranslate container only supports monitoring one type of network flow data type at a time. If you want to monitor several types, each will require a container.
IPFIX and NetFlow v9 can be sent to the same container, but we recommend running a separate container as a best practice.
Network flow data type
Palo Alto Networks
Scaling network flow collection
When planning your strategy for collecting network flows at scale, New Relic recommends 1 CPU per 2000 flows-per-second (120,000 flows-per-minute). Deciding whether to run more small containers to distribute load or fewer large containers to consolidate management is a matter of personal preference.
Set up network flow data monitoring in New Relic
Go to one.newrelic.com > Add more data.
Scroll down until you see Network and click Network Flows.
Follow the steps outlined in the guided installation process. You can use docker or linux.
one.newrelic.com > Add more data > Network > Network Flows to set up network flow data monitoring.
Did this doc help with your installation?
Find and use your metrics
All network flow logs exported from the
ktranslate container use the
KFlow namespace, via the New Relic Event API. Currently, these are the default fields populated from this integration:
The class of program generating the traffic in this flow record. This is derived from the lowest numeric value from
The display name of the sampling device for this flow record.
The target IP address for this flow record.
The target Autonomous System Number for this flow record.
The target Autonomous System Name for this flow record.
The target country for this flow record, if known.
The number of bytes transferred for ingress flow records.
The number of packets transferred for ingress flow records.
The target port for this flow record.
The source port for this flow record.
The display name of the protocol used in this flow record, derived from the numeric IANA protocol number.
This attribute is used to uniquely identify various sources of data from
Sampling rate applied by either the sampling device configuration, or the
The source IP address for this flow record.
The source Autonomous System Number for this flow record.
The source Autonomous System Name for this flow record.
The source country for this flow record, if known.
TCP flags in this flow record.
The time, in Unix seconds, when this flow record was received by the New Relic Event API.