| NFO timestamp | Format: Mmm dd hh:mm:ss |
| NFO server IP address | Format: IPv4_address |
| NFO server NetFlow source ID | Configurable. |
| nfc_id | Message type identifier | “nfc_id=20200” |
| exp_ip | Network device (exporter) IP address | <IPv4_address> |
| dest_ip | Monitored server IP address | <IPv4_address> |
| dest_port | Monitored server port number | <number> |
| src_ip | “Low and Slow” client IPv4 address | <IPv4_address> |
| [src_host] | Host name of an active “Low and Slow” client | <string> |
| [src_cc] | Country code of an active “Low and Slow” client | <string> |
| first_seen | Time when slow sessions was detected first time, unix seconds | <number>, unix sec |
| last_seen | Time when slow sessions was detected last time, unix seconds | <number>, unix sec |
| con_count | Total number of slow sessions | <number> |