NFQL: A tool for querying network flow records

Cisco's NetFlow protocol and IETF's IPFIX open standard are the widely deployed techniques for collecting network How statistics. Understanding certain patterns in these network statistics requires sophisticated How analysis tools that can efficiently mine How records. We recently proposed Network Flow Query Language (NFQL) that can process How records, aggregate them into groups, apply absolute or relative filters, and invoke Allen interval algebra rules to merge group records. In this paper, we introduce an efficient implementation of the query language. It has been evaluated by a suite of benchmarks against contemporary How-processing tools.