Network telemetry collection with packet metadata filtering

US11979430B2 · US · B2

Patent metadata
Publication number: US-11979430-B2
Application number: US-202318100502-A
Country: US
Kind code: B2
Filing date: Jan 23, 2023
Priority date: Nov 25, 2019
Publication date: May 7, 2024
Grant date: May 7, 2024

Abstract

In one embodiment, a telemetry exporter in a network establishes a tunnel between the telemetry exporter and a traffic analysis service. The telemetry exporter obtains packet copies of a plurality of packets sent between devices via the network. The telemetry exporter forms a set of traffic telemetry data by discarding at least a portion of one or more of the packet copies, based on a filter policy. The telemetry exporter applies compression to the formed set of traffic telemetry data. The telemetry exporter sends, via the tunnel, the compressed set of traffic telemetry data to the traffic analysis service for analysis.

First claim

What is claimed is:

1. A method comprising: establishing, by a telemetry exporter in a network, a tunnel between the telemetry exporter and a traffic analysis service; obtaining, by the telemetry exporter, packet copies of a plurality of packets sent between devices via the network; forming, by the telemetry exporter, a set of traffic telemetry data by discarding a portion of one or more of the packet copies, based on a filter policy that specifies one or more packet headers of the packet copies to be included in the set of traffic telemetry data; and after discarding the portion of one or more of the packet copies, sending, by the telemetry exporter and via the tunnel, the set of traffic telemetry data to the traffic analysis service for analysis.

2. The method as in claim 1, wherein the plurality of packets are encrypted, and wherein the traffic analysis service uses a machine learning-based classifier to classify the set of traffic telemetry data.

3. The method as in claim 1, wherein the portion of one or more of the packet copies that is discarded comprises a payload of that packet copy.

4. The method as in claim 1, wherein the filter policy further specifies that Transport Layer Security (TLS) handshake records in the packet copies should be included in the set of traffic telemetry data.

5. The method as in claim 1, wherein the filter policy further specifies that Domain Name System (DNS) responses in the packet copies should be included in the set of traffic telemetry data.

6. The method as in claim 1, wherein the traffic analysis service is implemented on a cloud-based server located remotely of the telemetry exporter.

7. The method as in claim 1, wherein the filter policy further specifies that packet copies of initial Transmission Control Protocol (TCP) packets from the plurality of packets that were sent prior to an acknowledgement should be included in the set of traffic telemetry data.

8. The method as in claim 1, further comprising: dynamically adjusting, by the telemetry exporter, the filter policy, based on an instruction received from the traffic analysis service.

9. An apparatus, comprising: one or more network interfaces to communicate with a network; a processor coupled to the one or more network interfaces and configured to execute one or more processes; and a memory configured to store a process executable by the processor, the process when executed configured to: establish a tunnel between a telemetry exporter and a traffic analysis service; obtain packet copies of a plurality of packets sent between devices via the network; form a set of traffic telemetry data by discarding a portion of one or more of the packet copies, based on a filter policy that specifies one or more packet headers of the packet copies to be included in the set of traffic telemetry data; and after discarding the portion of one or more of the packet copies, send, via the tunnel, the set of traffic telemetry data to the traffic analysis service for analysis.

10. The apparatus as in claim 9, wherein the plurality of packets are encrypted, and wherein the traffic analysis service uses a machine learning-based classifier to classify the set of traffic telemetry data.

11. The apparatus as in claim 9, wherein the portion of one or more of the packet copies that is discarded comprises a payload of that packet copy.

12. The apparatus as in claim 9, wherein the filter policy further specifies that Transport Layer Security (TLS) handshake records in the packet copies should be included in the set of traffic telemetry data.

13. The apparatus as in claim 9, wherein the filter policy further specifies that Domain Name System (DNS) responses in the packet copies should be included in the set of traffic telemetry data.

14. The apparatus as in claim 9, wherein the traffic analysis service is implemented on a cloud-based server located remotely of the telemetry exporter.

15. The apparatus as in claim 9, wherein the filter policy further specifies that packet copies of initial Transmission Control Protocol (TCP) packets from the plurality of packets that were sent prior to an acknowledgement should be included in the set of traffic telemetry data.

16. The apparatus as in claim 9, wherein the process when executed is further configured to: dynamically adjust the filter policy, based on an instruction received from the traffic analysis service.

17. The apparatus as in claim 9, wherein the apparatus comprises a network switch or router.

18. A tangible, non-transitory, computer-readable medium storing program instructions that cause a telemetry exporter in a network to execute a process comprising: establishing, by the telemetry exporter, a tunnel between the telemetry exporter and a traffic analysis service; obtaining, by the telemetry exporter, packet copies of a plurality of packets sent between devices via the network; forming, by the telemetry exporter, a set of traffic telemetry data by discarding a portion of one or more of the packet copies, based on a filter policy that specifies one or more packet headers of the packet copies to be included in the set of traffic telemetry data; and after discarding the portion of one or more of the packet copies, sending, by the telemetry exporter and via the tunnel, the set of traffic telemetry data to the traffic analysis service for analysis.

19. The tangible, non-transitory, computer-readable medium as in claim 18, wherein the plurality of packets are encrypted, and wherein the traffic analysis service uses a machine learning-based classifier to classify the set of traffic telemetry data.

20. The tangible, non-transitory, computer-readable medium as in claim 18, wherein the portion of one or more of the packet copies that is discarded comprises a payload of that packet copy.
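The filter-and-compress step described in the abstract and in claims 1, 3, 4 and 5 can be sketched as follows. This is an added example, not code from the patent or its assignee: it assumes packet copies start at the IPv4 header, inspects only the first TLS record in a TCP segment, uses zlib as the compression, and leaves the tunnel out; the policy keys and function names are hypothetical.

```python
import struct
import zlib

# Hypothetical policy keys; the patent does not define a policy format.
POLICY = {"tls_handshake": True, "dns_response": True}

def filter_packet(pkt, policy=POLICY):
    """Trim one IPv4 packet copy to the bytes the policy allows to be exported."""
    ihl = (pkt[0] & 0x0F) * 4 if len(pkt) >= 20 else 0
    if ihl < 20 or ihl > len(pkt) or pkt[0] >> 4 != 4:
        return b""                                  # truncated or not IPv4
    proto, keep = pkt[9], ihl                       # default: IP header only
    if proto == 6 and len(pkt) >= ihl + 20:         # TCP
        off = (pkt[ihl + 12] >> 4) * 4              # TCP data offset in bytes
        if 20 <= off <= len(pkt) - ihl:
            keep = ihl + off                        # headers kept, payload dropped
            pay = pkt[keep:]
            # TLS record header: type 22 (handshake), major version 3, 2-byte length
            if policy["tls_handshake"] and len(pay) >= 5 and pay[:2] == b"\x16\x03":
                keep += min(len(pay), 5 + struct.unpack("!H", pay[3:5])[0])
    elif proto == 17 and len(pkt) >= ihl + 8:       # UDP
        keep = ihl + 8
        sport = struct.unpack("!H", pkt[ihl:ihl + 2])[0]
        pay = pkt[keep:]
        # DNS response: source port 53 and the QR bit set in the flags field
        if policy["dns_response"] and sport == 53 and len(pay) >= 12 and pay[2] & 0x80:
            keep = len(pkt)
    return pkt[:keep]

def build_export(pkts, policy=POLICY):
    """Length-prefix each trimmed copy, then compress the batch before sending."""
    trimmed = [filter_packet(p, policy) for p in pkts]
    blob = b"".join(struct.pack("!H", len(t)) + t for t in trimmed)
    return trimmed, zlib.compress(blob)

# Constructed sample packets (documentation addresses, checksums left at zero).
def _ip(proto, l4):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + l4
def _tcp(payload):
    return _ip(6, struct.pack("!HHIIBBHHH", 49152, 443, 1, 1, 5 << 4, 0x18, 1024, 0, 0) + payload)
def _udp(sport, dport, payload):
    return _ip(17, struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload)
HELLO = b"\x16\x03\x01\x00\x08" + b"\x01\x00\x00\x04" + b"\xaa" * 4
SAMPLES = [_tcp(HELLO + b"\x17\x03\x03\x00\x02hi"),       # handshake record, then app data
           _tcp(b"\x17\x03\x03\x00\x10" + b"S" * 16),      # application data only
           _udp(53, 40000, b"\x12\x34\x81\x80" + b"\x00" * 8 + b"answer"),   # DNS response
           _udp(40000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8 + b"query")]    # DNS query
```

Handshake records that span several TCP segments would need per-flow reassembly, which this sketch does not attempt.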

Classifications

  • Denial of Service · CPC title

  • Inference or reasoning models · CPC title

  • Machine learning · CPC title

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title

  • H04L63/306 · Primary

    intercepting packet switched data communications, e.g. Web, Internet or IMS communications · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11979430B2 cover?
In one embodiment, a telemetry exporter in a network establishes a tunnel between the telemetry exporter and a traffic analysis service. The telemetry exporter obtains packet copies of a plurality of packets sent between devices via the network. The telemetry exporter forms a set of traffic telemetry data by discarding at least a portion of one or more of the packet copies, based on a filter po…
Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1458. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 7, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).