{
  "_index": "logstash-netflow-2022.09.12",
  "_type": "_doc",
  "_id": "0BAkM4MBfTCdXV7asoF7",
  "_version": 1,
  "_score": null,
  "_source": {
    "timestamp": "2022-09-12T21:19:41.465428+0200",
    "app_proto": "tls",
    "tcp": {
      "tcp_flags": "1b",
      "ack": true,
      "psh": true,
      "fin": true,
      "syn": true
    },
    "input": {
      "type": "log"
    },
    "see_name": "stamus-central-server",
    "type": "json-log",
    "net_info": {},
    "log": {
      "offset": 1412804506,
      "file": {
        "path": "/var/log/suricata/eve-0.json"
      }
    },
    "flow_id": 569491981970325,
    "@version": "1",
    "event_type": "netflow",
    "in_iface": "tppdummy0",
    "see_id": "2a2cf4376cba",
    "ether": {
      "src_macs": [
        "00:17:fb:00:00:16"
      ],
      "dest_macs": [
        "00:15:5d:01:c4:01"
      ]
    },
    "metadata": {
      "flowbits": [
        "stamus.pass"
      ]
    },
    "agent": {
      "id": "9f305fa4-6db1-485c-81f9-598dce1469e3",
      "version": "7.16.1",
      "name": "SSProbe-1",
      "type": "filebeat",
      "ephemeral_id": "50e455b7-c932-4cf1-a630-0675035aba08",
      "hostname": "SSProbe-1"
    },
    "tags": [
      "beats_input_codec_json_applied"
    ],
    "host": "SSProbe-1",
    "dest_ip": "xx.xx.xx.xx",
    "@timestamp": "2022-09-12T19:19:41.465Z",
    "ecs": {
      "version": "1.12.0"
    },
    "src_port": 443,
    "netflow": {
      "bytes": 20215,
      "pkts": 23,
      "min_ttl": 111,
      "start": "2022-09-12T21:13:38.591347+0200",
      "end": "2022-09-12T21:13:39.471346+0200",
      "age": 1,
      "max_ttl": 128
    },
    "proto": "TCP",
    "src_ip": "xx.xx.xx.xx",
    "dest_port": 55637
  },
  "fields": {
    "@timestamp": [
      "2022-09-12T19:19:41.465Z"
    ],
    "netflow.start": [
      "2022-09-12T19:13:38.591Z"
    ],
    "netflow.end": [
      "2022-09-12T19:13:39.471Z"
    ],
    "timestamp": [
      "2022-09-12T19:19:41.465Z"
    ]
  },
  "sort": [
    1663010381465
  ]
}