Configure flow logs
Flow log data types
Reference of key/value fields that Calico Cloud sends to Elasticsearch for flow logs, including endpoints, actions, byte counts, and policy verdicts.
Filter flow logs
Filter Calico Cloud flow logs through Fluentd to drop low-significance traffic and reduce managed Elasticsearch volume and cost.
Configure flow log aggregation
Tune Calico Cloud flow log aggregation levels to balance managed Elasticsearch volume and cost against pod and IP visibility for allowed and denied traffic.
Enable HostEndpoint reporting in flow logs
Turn on host endpoint reporting in Calico Cloud flow logs to gain visibility into traffic at HostEndpoint interfaces on Kubernetes nodes.
Enabling TCP socket stats in flow logs
Add TCP socket statistics to Calico Cloud flow logs with eBPF programs that capture round-trip time, retransmits, and other per-socket metrics.
Enable process-level information in flow logs
Add process executable paths and arguments to Calico Cloud flow logs with eBPF kprobe programs for process-level visibility into network activity.