flowy/https-flows.flw

splitter S {}

filter fil_dstport {
	dstport = 443
}

filter fil_srcport {
	srcport = 443
}

grouper g_fil_dstport {
   module g1 {
   }
   aggregate sum(bytes) as bytes, bitOR(tcp_flags) as flags
#   aggregate srcip, dstip, sum(bytes) as bytes, count(rec_id) as n, 
#   bitOR(tcp_flags) as flags, union(srcport) as srcports
}

grouper g_fil_srcport {
   module g1 {
   }
   aggregate sum(bytes) as bytes, bitOR(tcp_flags) as flags
#   aggregate srcip, dstip, sum(bytes) as bytes, count(rec_id) as n, 
#   bitOR(tcp_flags) as flags, union(dstport) as dstports
}

groupfilter ggf {
  bitAND(flags, 0x13) = 0x13
}

merger M {
   module m1 {
	branches B, A 
	A m B delta 1440min
   }
   export m1
}

ungrouper U {}

"./netflow-trace.h5" -> S
S branch A -> fil_dstport -> g_fil_dstport -> ggf -> M
S branch B -> fil_srcport -> g_fil_srcport -> ggf -> M
M->U->"./ungroped.h5"