Download and install

sFlow-RT requires Java 1.8+. The following commands download, install and run the software:

tar -xvzf sflow-rt.tar.gz

Alternatively, the following command runs sFlow-RT in a Docker container (see sflow/sflow-rt for more options):

docker run -p 8008:8008 -p 6343:6343/udp sflow/sflow-rt

Use a web browser to connect to http://localhost:8008 to interact with the REST API.

The software is also available as RPM and DEB packages:

Package files are installed under the path /usr/local/sflow-rt/ and log files are directed to /usr/local/sflow-rt/log/sflow-rt-<N>.log

There are no access controls built into sFlow-RT. However, HTTP access can be restricted to the local host by setting the http.hostname property to and a reverse proxy can then be used to secure remote access to the REST API.

The following Apache configuration makes the sFlow-RT REST API accessible under the path /sflow-rt/

<IfModule mod_proxy.c>
  ProxyRequests off
  ProxyVia off
  ProxyPass        /sflow-rt/ retry=0 timeout=5
  ProxyPassReverse /sflow-rt/
  <IfModule mod_headers.c>
    RequestHeader append X-Forwarded-Prefix "/sflow-rt/"
<Location /sflow-rt/>
  # insert access policy below

Alternatively, the following is an equivalent configuration for NGINX:

location /sflow-rt/ {
  proxy_buffering off;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Prefix /sflow-rt/;
  proxy_set_header Host $host;
  proxy_pass http://localhost:8008/;
  proxy_redirect ~^http://[^/]+(/.+)$ /sflow-rt$1;
  # insert access policy below

Please read and accept the License Agreement before downloading this software.


The following command downloads and installs an application:

./sflow-rt/ sflow-rt flow-trend

The following applications are currently available on GitHub:

UserApplicationDocker ImageDescription
sflow‑rtactive-routessflow/active-routesReal-time active BGP route cache
sflow‑rtddos-blackholesflow/ddos-blackholeReal-time DDoS flood mitigation using null route
sflow‑rtddos-protectsflow/ddos-protectReal-time DDoS flood mitigation using BGP RTBH and FlowSpec
sflow‑rtfabric-viewsflow/fabric-viewReal-time visibility for leaf / spine ECMP fabrics
sflow‑rtflow-trendsflow/flow-trendReal-time top network flows trend chart
sflow‑rtix-metricssflow/ix-metricsReal-time monitoring of Internet Exchange (IX) traffic
sflow‑rtparticlesflow/particleVisualize real-time traffic using animated particles
sflow‑rtprometheussflow/prometheusExport metrics to Prometheus time series database
sflow‑rtsflow-testsflow/sflow-testTest data center switch sFlow implementation
sflow‑rttop-flowssflow/top-flowsReal-time top network flows table
sflow‑rtvizceralsflow/vizceralReal-time traffic visualization using NetFlix Vizceral
sflow‑rtbrowse-metricssflow/prometheusBrowse and trend metrics
sflow‑rtbrowse-flowssflow/prometheusBrowse and trend traffic flows
sflow‑rtbrowse-dropssflow/prometheusBrowse and trend dropped packets
sflow‑rtworld-mapReal-time traffic displayed on world map
sflow‑rtmininet-dashboardReal-time dashboard for Mininet
sflow‑rtdashboard-exampleReal-time dashboard example
sflow‑rtflow-graphReal-time graph of network associations
sflow‑rttrace-flowReal-time traffic tracing against topology
sflow‑rtsvg-weatherReal-time network weathermap example
pphaalovs-2015Overlay/underlay network virtualization visibility demo
pphaalsc15-weatherSC15 SCinet real-time weathermap

Writing Applications provides an introduction describing the structure of an sFlow-RT application. Post information on new applications to the sFlow-RT group to have them listed.


Please post questions, suggestions and applications to the sFlow-RT group.

Production use

Contact to discuss production licensing options for sFlow-RT.