Attack traffic signature generation using statistical pattern recognition
US-8997227-B1 · Mar 31, 2015 · US
US10873593B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10873593-B2 |
| Application number | US-201815992071-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 29, 2018 |
| Priority date | Jan 25, 2018 |
| Publication date | Dec 22, 2020 |
| Grant date | Dec 22, 2020 |
Official abstract text for this publication.
Disclosed is a system configured to receive a set of network snapshot segments from an output stream of a stream processing service, compile the set of network snapshot segments from the set of messages into a first network snapshot and a second network snapshot, and compare the first network snapshot and the second network snapshot to identify a difference between the first network snapshot and the second network snapshot.
Opening claim text (preview).
The invention claimed is:
1. A computer-implemented method comprising: receiving a set of messages associated with an output stream of a stream processing service, wherein each message in the set of messages includes a network snapshot segment; determining, from the set of messages, a message of the set of messages includes an end tag; based on the end tag, determining that the set of messages includes the network snapshot segments for a first network snapshot and a second network snapshot; in response to determining the set of messages includes the network snapshot segments for a first network snapshot and a second network snapshot, compiling the network snapshot segments from the set of messages into the first network snapshot and the second network snapshot; identifying a difference between the first network snapshot and the second network snapshot; and providing the difference to a consumer system.
2. The computer-implemented method of claim 1, wherein the first network snapshot corresponds to a state of a network during a first time period and the second network snapshot corresponds to the state of the network during a second time period.
3. The computer-implemented method of claim 2, wherein the state of the network comprises network policies for the network.
4. The computer-implemented method of claim 1, wherein the difference between the first network snapshot and the second network snapshot indicates a change in a state of a network.
5. The computer-implemented method of claim 1, further comprising: receiving, from the consumer system, filtering criteria for the first network snapshot and the second network snapshot; and filtering the difference between the first network snapshot and the second network snapshot based on the filtering criteria.
6. The computer-implemented method of claim 1, further comprising: receiving, from the consumer system, filtering criteria for the first network snapshot and the second network snapshot; and filtering the first network snapshot and the second network snapshot based on the filtering criteria.
7. The computer-implemented method of claim 6, wherein the filtering criteria comprises a list of IP addresses associated with the consumer system.
8. The computer-implemented method of claim 1, further comprising: receiving a first message associated with the output stream, wherein the first message includes a first network snapshot segment and an offset for the first network snapshot segment; determining, based on the offset, that at least one additional network snapshot segment associated with the output stream has not been previously received; and transmit, to the stream processing service, a request for the at least one additional network snapshot segment.
9. The computer-implemented method of claim 8, wherein the request the at least one additional network snapshot segment is for an out-of-stream message outside a sequence of messages associated with the output stream, wherein the out-of-stream message includes the at least one additional network snapshot segment.
10. A non-transitory computer-readable medium having computer readable instructions that, upon being executed by a processor, cause the processor to: receive a set of network snapshot segments from an output stream of a stream processing service; determine, from the set of messages, a message of the set of messages includes an end tag; based on the end tag, determine that the set of messages includes the network snapshot segments for a first network snapshot and a second network snapshot; in response to the determination that the set of messages includes the network snapshot segments for a first network snapshot and a second network snapshot, compile the set of network snapshot segments from the output stream into the first network snapshot and the second network snapshot; and compare the first network snapshot and the second network snapshot to identify a difference between the first network snapshot and the second network snapshot.
11. The non-transitory computer-readable medium of claim 10, wherein the instructions, upon being executed by the processor, further cause the processor to provide the difference to a consumer system.
12. The non-transitory computer-readable medium of claim 10, wherein each network snapshot segment in the set of network snapshot segments is associated with an offset, and wherein the first network snapshot and the second network snapshot is compiled based on the offsets for each network snapshot segment in the set of network snapshot segments.
13. The non-transitory computer-readable medium of claim 10, wherein the first network snapshot corresponds to a state of a network during a first time period and the second network snapshot corresponds to the state of the network during a second time period.
14. The non-transitory computer-readable medium of claim 13, wherein the state of the network comprises network policies for the network.
15. The non-transitory computer-readable medium of claim 10, wherein the instructions further cause the processor to: receive, from a consumer system, filtering criteria for the first network snapshot and the second network snapshot; and filter the first network snapshot and the second network snapshot based on the filtering criteria.
16. A system comprising: a processor; and memory including instructions that, upon being executed by the processor, cause the system to: receive, from a consumer system, filtering criteria for network information generated by a network traffic monitoring system; receive a set of messages associated with an output stream of a stream processing service, wherein each message in the set of messages includes a network snapshot segment; determine, from the set of messages, a message of the set of messages includes an end tag; based on the end tag, determine that the set of messages includes the network snapshot segments for a first network snapshot and a second network snapshot; in response to the determination that the set of messages includes the network snapshot segments for a first network snapshot and a second network snapshot, compile the network snapshot segments from the set of messages into the first network snapshot and the second network snapshot; identify a difference between the first network snapshot and the second network snapshot, wherein the difference complies with the filtering criteria; and provide the difference to a consumer system.
17. The system of claim 16, comprising further instructions, which when executed causes the system to: receive, from the consumer system, filtering criteria for network information generated by a network traffic monitoring system, wherein the filtering criteria is a list of IP addresses associated from the consumer system.
18. The system of claim 16, wherein the first network snapshot corresponds to a state of a network during a first time period and the second network snapshot corresponds to the state of the network during a second time period.
19. The system of claim 18, wherein the state of the network comprises network policies for the network.
20. The system of claim 16, wherein the difference between the first network snapshot and the second network snapshot indicates a change in a state of a network.
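The flow the claims describe (segments carrying offsets, an end tag, compilation into two snapshots, a diff, and filtering by IP address) can be sketched as follows. This is an added example, not code from the patent; the message fields (`snapshot`, `offset`, `end`, `policies`), the policy tuple layout and the sample stream are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample stream (hypothetical format): each message carries one
# snapshot segment, its offset within the snapshot, and an optional end tag.
# Policies are (src_ip, dst_ip, port, action) tuples; messages arrive unordered.
MESSAGES = [
    {"snapshot": "t1", "offset": 1, "end": True,  "policies": [("10.0.0.5", "10.0.1.9", 22, "deny")]},
    {"snapshot": "t2", "offset": 0, "end": False, "policies": [("10.0.0.5", "10.0.1.9", 443, "allow")]},
    {"snapshot": "t1", "offset": 0, "end": False, "policies": [("10.0.0.5", "10.0.1.9", 443, "allow")]},
    {"snapshot": "t2", "offset": 2, "end": True,  "policies": [("10.0.2.7", "10.0.1.9", 3306, "allow")]},
    {"snapshot": "t2", "offset": 1, "end": False, "policies": [("10.0.0.5", "10.0.1.9", 22, "allow")]},
]

def missing_offsets(messages):
    """Per snapshot, offsets not yet received; None until its end tag is seen."""
    seen, last = defaultdict(set), {}
    for m in messages:
        seen[m["snapshot"]].add(m["offset"])
        if m["end"]:
            last[m["snapshot"]] = m["offset"]
    return {s: (sorted(set(range(last[s] + 1)) - offs) if s in last else None)
            for s, offs in seen.items()}

def compile_snapshots(messages):
    """Merge segments into one policy set per snapshot; refuse if any is incomplete."""
    gaps = {s: g for s, g in missing_offsets(messages).items() if g is None or g}
    if gaps:
        # A consumer would re-request these segments before diffing.
        raise ValueError(f"incomplete snapshots, missing segments: {gaps}")
    snaps = defaultdict(set)
    for m in messages:
        snaps[m["snapshot"]].update(m["policies"])
    return dict(snaps)

def diff_snapshots(first, second, ip_filter=None):
    """Policies added/removed between snapshots, optionally limited to given IPs."""
    def keep(p):
        return ip_filter is None or p[0] in ip_filter or p[1] in ip_filter
    return {"added": sorted(p for p in second - first if keep(p)),
            "removed": sorted(p for p in first - second if keep(p))}

if __name__ == "__main__":
    snaps = compile_snapshots(MESSAGES)
    print(diff_snapshots(snaps["t1"], snaps["t2"]))
    print(diff_snapshots(snaps["t1"], snaps["t2"], ip_filter={"10.0.2.7"}))
    print(missing_offsets(MESSAGES[:4]))  # t2 segment at offset 1 not yet received
```

Refusing to diff until every offset up to the end-tagged segment is present keeps a dropped segment from showing up as a spurious "removed" policy.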
by filtering · CPC title
involving simulating, designing, planning or modelling of a network · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Fully automatic configuration · CPC title
Isolation or security of virtual machine instances · CPC title