Sonata is a query-driven streaming network telemetry system that uses a declarative query interface to drive the joint collection and analysis of network traffic. It takes advantage of two emerging technologies--streaming analytics platforms and programmable network devices--to facilitate query-driven telemetry.
Sonata allows operators to directly express queries for a range network telemetry applications using a high level declarative language. Under the hood, Sonata partitions each query into a portion that runs in the switch and another that runs on the streaming analytics platform, iteratively refines the queries to efficiently capture only the traffic that satisfies the respective queries.
We have provided a VM-based installation for using SONATA using Vagrant.
Learn how to express queries for a range of telemetry applications with Sonata.