| NFO timestamp | Format: Mmm dd hh:mm:ss |
| NFO server IP address | Format: IPv4_address |
| NFO server NetFlow source ID | Configurable. |
| nfc_id | Message type identifier | “nfc_id=20198” |
| exp_ip | Network device (exporter) IP address | <IPv4_address> |
| dest_ip | Monitored server IP address | <IPv4_address> |
| dest_port | Monitored server port number | <number> |
| protocol | Transport Protocol (TCP = 6, UDP = 17) | <number> |
| src_ip | Client IPv4 address | <IPv4_address> |
| [src_host] | Host name of an active client | <string> |
| [src_cc] | Country code of an active client | <string> |
| percent_of_total | Percent of total connections to the server made by the client during the observation interval | <decimal>, e.g. 25.444% is 25.444 |
| t_int | Observation time interval, msec | <number> |