Configuration Changes

To improve the consistency of configuration options and prepare for future features on ElastiFlow's roadmap, many of the configuration options have been renamed or otherwise changed. The following is a list of all changes.

:::tip You may want to start with a clean 6.0 configuration file from either our provided docker-compose.yml example, or the flowcoll.conf file in the native packages. You can then provide only the modifications necessary to add to the new configuration. :::

Licensing Options

5.6.x Option	Status	Notes for 6.0
___	NEW	EF_LICENSE_ACCEPTED
EF_FLOW_ACCOUNT_ID	RENAMED	EF_ACCOUNT_ID
EF_FLOW_LICENSE_KEY	✓	Unchanged
EF_FLOW_LICENSED_UNITS	✓	Unchanged

5.6.x Option

Status

Notes for 6.0

___

NEW

EF_LICENSE_ACCEPTED

EF_FLOW_ACCOUNT_ID

RENAMED

EF_ACCOUNT_ID

EF_FLOW_LICENSE_KEY

✓

Unchanged

EF_FLOW_LICENSED_UNITS

✓

Unchanged

Logging Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option	Status	Notes for 6.0
EF_FLOW_LOGGER_LEVEL	RENAMED	EF_LOGGER_LEVEL
EF_FLOW_LOGGER_ENCODING	RENAMED	EF_LOGGER_ENCODING
EF_FLOW_LOGGER_FILE_LOG_ENABLE	RENAMED	EF_LOGGER_FILE_LOG_ENABLE
EF_FLOW_LOGGER_FILE_LOG_FILENAME	RENAMED	EF_LOGGER_FILE_LOG_FILENAME
EF_FLOW_LOGGER_FILE_LOG_MAX_SIZE	RENAMED	EF_LOGGER_FILE_LOG_MAX_SIZE
EF_FLOW_LOGGER_FILE_LOG_MAX_AGE	RENAMED	EF_LOGGER_FILE_LOG_MAX_AGE
EF_FLOW_LOGGER_FILE_LOG_MAX_BACKUPS	RENAMED	EF_LOGGER_FILE_LOG_MAX_BACKUPS
EF_FLOW_LOGGER_FILE_LOG_COMPRESS	RENAMED	EF_LOGGER_FILE_LOG_COMPRESS

5.6.x Option

Status

Notes for 6.0

EF_FLOW_LOGGER_LEVEL

RENAMED

EF_LOGGER_LEVEL

EF_FLOW_LOGGER_ENCODING

RENAMED

EF_LOGGER_ENCODING

EF_FLOW_LOGGER_FILE_LOG_ENABLE

RENAMED

EF_LOGGER_FILE_LOG_ENABLE

EF_FLOW_LOGGER_FILE_LOG_FILENAME

RENAMED

EF_LOGGER_FILE_LOG_FILENAME

EF_FLOW_LOGGER_FILE_LOG_MAX_SIZE

RENAMED

EF_LOGGER_FILE_LOG_MAX_SIZE

EF_FLOW_LOGGER_FILE_LOG_MAX_AGE

RENAMED

EF_LOGGER_FILE_LOG_MAX_AGE

EF_FLOW_LOGGER_FILE_LOG_MAX_BACKUPS

RENAMED

EF_LOGGER_FILE_LOG_MAX_BACKUPS

EF_FLOW_LOGGER_FILE_LOG_COMPRESS

RENAMED

EF_LOGGER_FILE_LOG_COMPRESS

Metrics Options

5.6.x Option	Status	Notes for 6.0
___	NEW	EF_INSTANCE_NAME
___	NEW	EF_METRICS_PORT
___	NEW	EF_METRICS_TLS_ENABLE
___	NEW	EF_METRICS_TLS_CERT_FILEPATH
___	NEW	EF_METRICS_TLS_KEY_FILEPATH

5.6.x Option

Status

Notes for 6.0

___

NEW

EF_INSTANCE_NAME

___

NEW

EF_METRICS_PORT

___

NEW

EF_METRICS_TLS_ENABLE

___

NEW

EF_METRICS_TLS_CERT_FILEPATH

___

NEW

EF_METRICS_TLS_KEY_FILEPATH

Flow UDP Server Options

5.6.x Option	Status	Notes for 6.0
EF_FLOW_SERVER_UDP_IP	✓	Unchanged
EF_FLOW_SERVER_UDP_PORT	✓	Unchanged
EF_FLOW_SERVER_UDP_READ_BUFFER_MAX_SIZE	✓	Unchanged
EF_FLOW_SERVER_UDP_PACKET_STREAM_MAX_SIZE	RENAMED	EF_FLOW_PACKET_STREAM_MAX_SIZE

5.6.x Option

Status

Notes for 6.0

EF_FLOW_SERVER_UDP_IP

✓

Unchanged

EF_FLOW_SERVER_UDP_PORT

✓

Unchanged

EF_FLOW_SERVER_UDP_READ_BUFFER_MAX_SIZE

✓

Unchanged

EF_FLOW_SERVER_UDP_PACKET_STREAM_MAX_SIZE

RENAMED

EF_FLOW_PACKET_STREAM_MAX_SIZE

AWS VPC Flow Logs Options

5.6.x Option	Status	Notes for 6.0
___	NEW	EF_AWS_VPC_FLOW_LOG_ENABLE
___	NEW	EF_AWS_VPC_FLOW_LOG_S3_BUCKET
___	NEW	EF_AWS_VPC_FLOW_LOG_PREFIX
___	NEW	AWS_REGION
___	NEW	AWS_ACCESS_KEY_ID
___	NEW	AWS_SECRET_ACCESS_KEY

5.6.x Option

Status

Notes for 6.0

___

NEW

EF_AWS_VPC_FLOW_LOG_ENABLE

___

NEW

EF_AWS_VPC_FLOW_LOG_S3_BUCKET

___

NEW

EF_AWS_VPC_FLOW_LOG_PREFIX

___

NEW

AWS_REGION

___

NEW

AWS_ACCESS_KEY_ID

___

NEW

AWS_SECRET_ACCESS_KEY

Decoding Options

5.6.x Option	Status	Notes for 6.0
EF_FLOW_DECODER_POOL_SIZE	RENAMED	EF_PROCESSOR_POOL_SIZE
EF_FLOW_DECODER_SETTINGS_PATH	✕	REMOVED: Absolute paths MUST now be used for all option values that define a path to a file or directory.
EF_FLOW_DECODER_IPFIX_ENABLE	RENAMED	EF_PROCESSOR_DECODE_IPFIX_ENABLE
EF_FLOW_DECODER_NETFLOW1_ENABLE	RENAMED	EF_PROCESSOR_DECODE_NETFLOW1_ENABLE
EF_FLOW_DECODER_NETFLOW5_ENABLE	RENAMED	EF_PROCESSOR_DECODE_NETFLOW5_ENABLE
EF_FLOW_DECODER_NETFLOW6_ENABLE	RENAMED	EF_PROCESSOR_DECODE_NETFLOW6_ENABLE
EF_FLOW_DECODER_NETFLOW7_ENABLE	RENAMED	EF_PROCESSOR_DECODE_NETFLOW7_ENABLE
EF_FLOW_DECODER_NETFLOW9_ENABLE	RENAMED	EF_PROCESSOR_DECODE_NETFLOW9_ENABLE
EF_FLOW_DECODER_SFLOW5_ENABLE	RENAMED	EF_PROCESSOR_DECODE_SFLOW5_ENABLE
EF_FLOW_DECODER_SFLOW_FLOWS_ENABLE	RENAMED	EF_PROCESSOR_DECODE_SFLOW_FLOWS_ENABLE
EF_FLOW_DECODER_SFLOW_FLOWS_KEEP_SAMPLES	RENAMED	EF_PROCESSOR_DECODE_SFLOW_FLOWS_KEEP_SAMPLES
EF_FLOW_DECODER_SFLOW_COUNTERS_ENABLE	RENAMED	EF_PROCESSOR_DECODE_SFLOW_COUNTERS_ENABLE
EF_FLOW_DECODER_TRANSLATE_KEEP_IDS	RENAMED	EF_PROCESSOR_TRANSLATE_KEEP_IDS

5.6.x Option

Status

Notes for 6.0

EF_FLOW_DECODER_POOL_SIZE

RENAMED

EF_PROCESSOR_POOL_SIZE

EF_FLOW_DECODER_SETTINGS_PATH

REMOVED: Absolute paths MUST now be used for all option values that define a path to a file or directory.

EF_FLOW_DECODER_IPFIX_ENABLE

RENAMED

EF_PROCESSOR_DECODE_IPFIX_ENABLE

EF_FLOW_DECODER_NETFLOW1_ENABLE

RENAMED

EF_PROCESSOR_DECODE_NETFLOW1_ENABLE

EF_FLOW_DECODER_NETFLOW5_ENABLE

RENAMED

EF_PROCESSOR_DECODE_NETFLOW5_ENABLE

EF_FLOW_DECODER_NETFLOW6_ENABLE

RENAMED

EF_PROCESSOR_DECODE_NETFLOW6_ENABLE

EF_FLOW_DECODER_NETFLOW7_ENABLE

RENAMED

EF_PROCESSOR_DECODE_NETFLOW7_ENABLE

EF_FLOW_DECODER_NETFLOW9_ENABLE

RENAMED

EF_PROCESSOR_DECODE_NETFLOW9_ENABLE

EF_FLOW_DECODER_SFLOW5_ENABLE

RENAMED

EF_PROCESSOR_DECODE_SFLOW5_ENABLE

EF_FLOW_DECODER_SFLOW_FLOWS_ENABLE

RENAMED

EF_PROCESSOR_DECODE_SFLOW_FLOWS_ENABLE

EF_FLOW_DECODER_SFLOW_FLOWS_KEEP_SAMPLES

RENAMED

EF_PROCESSOR_DECODE_SFLOW_FLOWS_KEEP_SAMPLES

EF_FLOW_DECODER_SFLOW_COUNTERS_ENABLE

RENAMED

EF_PROCESSOR_DECODE_SFLOW_COUNTERS_ENABLE

EF_FLOW_DECODER_TRANSLATE_KEEP_IDS

RENAMED

EF_PROCESSOR_TRANSLATE_KEEP_IDS

Application Enrichment Options

5.6.x Option	Status	Notes for 6.0
___	NEW	EF_PROCESSOR_ENRICH_APP_ID_ENABLE
___	NEW	EF_PROCESSOR_ENRICH_APP_ID_PATH
___	NEW	EF_PROCESSOR_ENRICH_APP_ID_TTL
EF_FLOW_DECODER_ENRICH_APP_CACHE_SIZE	✕	REMOVED: TTL is now used to flush old cache entries.
EF_FLOW_DECODER_ENRICH_APP_USERDEF_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_APP_IPPORT_ENABLE
EF_FLOW_DECODER_ENRICH_APP_USERDEF_PRIVATE	RENAMED	EF_PROCESSOR_ENRICH_APP_IPPORT_PRIVATE
EF_FLOW_DECODER_ENRICH_APP_USERDEF_PUBLIC	RENAMED	EF_PROCESSOR_ENRICH_APP_IPPORT_PUBLIC
EF_FLOW_DECODER_ENRICH_APP_USERDEF_PATH	RENAMED	EF_PROCESSOR_ENRICH_APP_IPPORT_PATH
___	NEW	EF_PROCESSOR_ENRICH_APP_IPPORT_TTL
___	NEW	EF_PROCESSOR_ENRICH_APP_REFRESH_RATE

5.6.x Option

Status

Notes for 6.0

___

NEW

EF_PROCESSOR_ENRICH_APP_ID_ENABLE

___

NEW

EF_PROCESSOR_ENRICH_APP_ID_PATH

___

NEW

EF_PROCESSOR_ENRICH_APP_ID_TTL

EF_FLOW_DECODER_ENRICH_APP_CACHE_SIZE

REMOVED: TTL is now used to flush old cache entries.

EF_FLOW_DECODER_ENRICH_APP_USERDEF_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_APP_IPPORT_ENABLE

EF_FLOW_DECODER_ENRICH_APP_USERDEF_PRIVATE

RENAMED

EF_PROCESSOR_ENRICH_APP_IPPORT_PRIVATE

EF_FLOW_DECODER_ENRICH_APP_USERDEF_PUBLIC

RENAMED

EF_PROCESSOR_ENRICH_APP_IPPORT_PUBLIC

EF_FLOW_DECODER_ENRICH_APP_USERDEF_PATH

RENAMED

EF_PROCESSOR_ENRICH_APP_IPPORT_PATH

___

NEW

EF_PROCESSOR_ENRICH_APP_IPPORT_TTL

___

NEW

EF_PROCESSOR_ENRICH_APP_REFRESH_RATE

:::danger While the configuration options for IP/port to application attributes enrichment are renamed, the format of the file pointed to by EF_PROCESSOR_ENRICH_APP_IPPORT_PATH has changed significantly. Please refer to the configuration reference page for an example. :::

IP Address Enrichment Options

The primary change is that FLOW_DECODER has been renamed to PROCESSOR in the option names.

5.6.x Option	Status	Notes for 6.0
___	NEW	EF_PROCESSOR_ENRICH_OPTION_ENUM_TTL
EF_FLOW_DECODER_ENRICH_IPADDR_TTL	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_TTL
EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_METADATA_ENABLE
EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_USERDEF_PATH	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_METADATA_USERDEF_PATH
EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_REFRESH_RATE	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_METADATA_REFRESH_RATE
EF_FLOW_DECODER_ENRICH_DNS_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_DNS_ENABLE
EF_FLOW_DECODER_ENRICH_DNS_NAMESERVER_IP	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_IP
EF_FLOW_DECODER_ENRICH_DNS_NAMESERVER_TIMEOUT	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_TIMEOUT
EF_FLOW_DECODER_ENRICH_DNS_RESOLVE_PRIVATE	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PRIVATE
EF_FLOW_DECODER_ENRICH_DNS_RESOLVE_PUBLIC	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PUBLIC
EF_FLOW_DECODER_ENRICH_DNS_USERDEF_PATH	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_DNS_USERDEF_PATH
EF_FLOW_DECODER_ENRICH_DNS_USERDEF_REFRESH_RATE	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_DNS_USERDEF_REFRESH_RATE
EF_FLOW_DECODER_ENRICH_DNS_INCLEXCL_PATH	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_DNS_INCLEXCL_PATH
EF_FLOW_DECODER_ENRICH_DNS_INCLEXCL_REFRESH_RATE	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_DNS_INCLEXCL_REFRESH_RATE
EF_FLOW_DECODER_ENRICH_MAXMIND_ASN_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_ENABLE
EF_FLOW_DECODER_ENRICH_MAXMIND_ASN_PATH	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_PATH
EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE
EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_PATH	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_PATH
EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_VALUES	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_VALUES
EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_LANG	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_LANG
EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_INCLEXCL_PATH	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_INCLEXCL_PATH
EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_INCLEXCL_REFRESH_RATE	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_INCLEXCL_REFRESH_RATE
EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_ENABLE
EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_ENDPOINT	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_ENDPOINT
EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_REFRESH_INTERVAL	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_REFRESH_INTERVAL
EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_INCLEXCL_PATH	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_INCLEXCL_PATH
EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_INCLEXCL_REFRESH_RATE	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_INCLEXCL_REFRESH_RATE
EF_FLOW_DECODER_ENRICH_RISKIQ_API_USER	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_USER
EF_FLOW_DECODER_ENRICH_RISKIQ_API_KEY	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_KEY
EF_FLOW_DECODER_ENRICH_RISKIQ_API_TIMEOUT	RENAMED	EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_TIMEOUT
EF_FLOW_DECODER_ENRICH_ASN_PREF	RENAMED	EF_PROCESSOR_ENRICH_ASN_PREF

5.6.x Option

Status

Notes for 6.0

___

NEW

EF_PROCESSOR_ENRICH_OPTION_ENUM_TTL

EF_FLOW_DECODER_ENRICH_IPADDR_TTL

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_TTL

EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_METADATA_ENABLE

EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_USERDEF_PATH

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_METADATA_USERDEF_PATH

EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_REFRESH_RATE

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_METADATA_REFRESH_RATE

EF_FLOW_DECODER_ENRICH_DNS_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_DNS_ENABLE

EF_FLOW_DECODER_ENRICH_DNS_NAMESERVER_IP

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_IP

EF_FLOW_DECODER_ENRICH_DNS_NAMESERVER_TIMEOUT

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_TIMEOUT

EF_FLOW_DECODER_ENRICH_DNS_RESOLVE_PRIVATE

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PRIVATE

EF_FLOW_DECODER_ENRICH_DNS_RESOLVE_PUBLIC

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PUBLIC

EF_FLOW_DECODER_ENRICH_DNS_USERDEF_PATH

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_DNS_USERDEF_PATH

EF_FLOW_DECODER_ENRICH_DNS_USERDEF_REFRESH_RATE

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_DNS_USERDEF_REFRESH_RATE

EF_FLOW_DECODER_ENRICH_DNS_INCLEXCL_PATH

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_DNS_INCLEXCL_PATH

EF_FLOW_DECODER_ENRICH_DNS_INCLEXCL_REFRESH_RATE

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_DNS_INCLEXCL_REFRESH_RATE

EF_FLOW_DECODER_ENRICH_MAXMIND_ASN_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_ENABLE

EF_FLOW_DECODER_ENRICH_MAXMIND_ASN_PATH

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_PATH

EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE

EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_PATH

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_PATH

EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_VALUES

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_VALUES

EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_LANG

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_LANG

EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_INCLEXCL_PATH

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_INCLEXCL_PATH

EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_INCLEXCL_REFRESH_RATE

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_INCLEXCL_REFRESH_RATE

EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_ENABLE

EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_ENDPOINT

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_ENDPOINT

EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_REFRESH_INTERVAL

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_REFRESH_INTERVAL

EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_INCLEXCL_PATH

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_INCLEXCL_PATH

EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_INCLEXCL_REFRESH_RATE

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_INCLEXCL_REFRESH_RATE

EF_FLOW_DECODER_ENRICH_RISKIQ_API_USER

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_USER

EF_FLOW_DECODER_ENRICH_RISKIQ_API_KEY

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_KEY

EF_FLOW_DECODER_ENRICH_RISKIQ_API_TIMEOUT

RENAMED

EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_TIMEOUT

EF_FLOW_DECODER_ENRICH_ASN_PREF

RENAMED

EF_PROCESSOR_ENRICH_ASN_PREF

Network Interface Enrichment Options

The only change is that FLOW_DECODER has been renamed to PROCESSOR in the option names.

5.6.x Option	Status	Notes for 6.0
EF_FLOW_DECODER_ENRICH_NETIF_TTL	RENAMED	EF_PROCESSOR_ENRICH_NETIF_TTL
EF_FLOW_DECODER_ENRICH_NETIF_METADATA_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_NETIF_METADATA_ENABLE
EF_FLOW_DECODER_ENRICH_NETIF_METADATA_USERDEF_PATH	RENAMED	EF_PROCESSOR_ENRICH_NETIF_METADATA_USERDEF_PATH
EF_FLOW_DECODER_ENRICH_NETIF_METADATA_REFRESH_RATE	RENAMED	EF_PROCESSOR_ENRICH_NETIF_METADATA_REFRESH_RATE
EF_FLOW_DECODER_ENRICH_NETIF_FLOW_OPTIONS_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_NETIF_FLOW_OPTIONS_ENABLE
EF_FLOW_DECODER_ENRICH_NETIF_SNMP_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_NETIF_SNMP_ENABLE
EF_FLOW_DECODER_ENRICH_NETIF_SNMP_PORT	RENAMED	EF_PROCESSOR_ENRICH_NETIF_SNMP_PORT
EF_FLOW_DECODER_ENRICH_NETIF_SNMP_VERSION	RENAMED	EF_PROCESSOR_ENRICH_NETIF_SNMP_VERSION
EF_FLOW_DECODER_ENRICH_NETIF_SNMP_COMMUNITIES	RENAMED	EF_PROCESSOR_ENRICH_NETIF_SNMP_COMMUNITIES
EF_FLOW_DECODER_ENRICH_NETIF_SNMP_TIMEOUT	RENAMED	EF_PROCESSOR_ENRICH_NETIF_SNMP_TIMEOUT
EF_FLOW_DECODER_ENRICH_NETIF_SNMP_RETRIES	RENAMED	EF_PROCESSOR_ENRICH_NETIF_SNMP_RETRIES

5.6.x Option

Status

Notes for 6.0

EF_FLOW_DECODER_ENRICH_NETIF_TTL

RENAMED

EF_PROCESSOR_ENRICH_NETIF_TTL

EF_FLOW_DECODER_ENRICH_NETIF_METADATA_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_NETIF_METADATA_ENABLE

EF_FLOW_DECODER_ENRICH_NETIF_METADATA_USERDEF_PATH

RENAMED

EF_PROCESSOR_ENRICH_NETIF_METADATA_USERDEF_PATH

EF_FLOW_DECODER_ENRICH_NETIF_METADATA_REFRESH_RATE

RENAMED

EF_PROCESSOR_ENRICH_NETIF_METADATA_REFRESH_RATE

EF_FLOW_DECODER_ENRICH_NETIF_FLOW_OPTIONS_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_NETIF_FLOW_OPTIONS_ENABLE

EF_FLOW_DECODER_ENRICH_NETIF_SNMP_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_NETIF_SNMP_ENABLE

EF_FLOW_DECODER_ENRICH_NETIF_SNMP_PORT

RENAMED

EF_PROCESSOR_ENRICH_NETIF_SNMP_PORT

EF_FLOW_DECODER_ENRICH_NETIF_SNMP_VERSION

RENAMED

EF_PROCESSOR_ENRICH_NETIF_SNMP_VERSION

EF_FLOW_DECODER_ENRICH_NETIF_SNMP_COMMUNITIES

RENAMED

EF_PROCESSOR_ENRICH_NETIF_SNMP_COMMUNITIES

EF_FLOW_DECODER_ENRICH_NETIF_SNMP_TIMEOUT

RENAMED

EF_PROCESSOR_ENRICH_NETIF_SNMP_TIMEOUT

EF_FLOW_DECODER_ENRICH_NETIF_SNMP_RETRIES

RENAMED

EF_PROCESSOR_ENRICH_NETIF_SNMP_RETRIES

Post-Processing Enrichment Options

5.6.x Option	Status	Notes for 6.0
EF_FLOW_DECODER_ENRICH_TOTALS_IF_NO_DELTAS	RENAMED	EF_PROCESSOR_ENRICH_TOTALS_IF_NO_DELTAS
EF_FLOW_DECODER_ENRICH_SAMPLERATE_CACHE_SIZE	RENAMED	EF_PROCESSOR_ENRICH_SAMPLERATE_CACHE_SIZE
EF_FLOW_DECODER_ENRICH_SAMPLERATE_USERDEF_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_ENABLE
EF_FLOW_DECODER_ENRICH_SAMPLERATE_USERDEF_PATH	RENAMED	EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_PATH
___	NEW	EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_OVERRIDE
EF_FLOW_DECODER_ENRICH_COMMUNITYID_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_COMMUNITYID_ENABLE
EF_FLOW_DECODER_ENRICH_COMMUNITYID_SEED	RENAMED	EF_PROCESSOR_ENRICH_COMMUNITYID_SEED
EF_FLOW_DECODER_ENRICH_CONVERSATIONID_ENABLE	RENAMED	EF_PROCESSOR_ENRICH_CONVERSATIONID_ENABLE
EF_FLOW_DECODER_ENRICH_CONVERSATIONID_SEED	RENAMED	EF_PROCESSOR_ENRICH_CONVERSATIONID_SEED
EF_FLOW_DECODER_ENRICH_JOIN_ASN	RENAMED	EF_PROCESSOR_ENRICH_JOIN_ASN
EF_FLOW_DECODER_ENRICH_JOIN_GEOIP	RENAMED	EF_PROCESSOR_ENRICH_JOIN_GEOIP
EF_FLOW_DECODER_ENRICH_JOIN_SEC	RENAMED	EF_PROCESSOR_ENRICH_JOIN_SEC
EF_FLOW_DECODER_ENRICH_JOIN_NETATTR	RENAMED	EF_PROCESSOR_ENRICH_JOIN_NETATTR
EF_FLOW_DECODER_ENRICH_JOIN_SUBNETATTR	RENAMED	EF_PROCESSOR_ENRICH_JOIN_SUBNETATTR
EF_FLOW_DECODER_DURATION_PRECISION	RENAMED	EF_PROCESSOR_DURATION_PRECISION
EF_FLOW_DECODER_TIMESTAMP_PRECISION	RENAMED	EF_PROCESSOR_TIMESTAMP_PRECISION
EF_FLOW_DECODER_PERCENT_NORM	RENAMED	EF_PROCESSOR_PERCENT_NORM
EF_FLOW_DECODER_ENRICH_EXPAND_CLISRV	RENAMED	EF_PROCESSOR_EXPAND_CLISRV
___	NEW	EF_PROCESSOR_EXPAND_CLISRV_NO_L4_PORTS
EF_FLOW_DECODER_ENRICH_KEEP_CPU_TICKS	RENAMED	EF_PROCESSOR_KEEP_CPU_TICKS
EF_FLOW_DECODER_ENRICH_DROP_FIELDS	RENAMED	EF_PROCESSOR_DROP_FIELDS
EF_FLOW_RECORD_STREAM_MAX_SIZE	✕	REMOVED: The record stream size has been optimized for peak performance and requires no adjustment.

5.6.x Option

Status

Notes for 6.0

EF_FLOW_DECODER_ENRICH_TOTALS_IF_NO_DELTAS

RENAMED

EF_PROCESSOR_ENRICH_TOTALS_IF_NO_DELTAS

EF_FLOW_DECODER_ENRICH_SAMPLERATE_CACHE_SIZE

RENAMED

EF_PROCESSOR_ENRICH_SAMPLERATE_CACHE_SIZE

EF_FLOW_DECODER_ENRICH_SAMPLERATE_USERDEF_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_ENABLE

EF_FLOW_DECODER_ENRICH_SAMPLERATE_USERDEF_PATH

RENAMED

EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_PATH

___

NEW

EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_OVERRIDE

EF_FLOW_DECODER_ENRICH_COMMUNITYID_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_COMMUNITYID_ENABLE

EF_FLOW_DECODER_ENRICH_COMMUNITYID_SEED

RENAMED

EF_PROCESSOR_ENRICH_COMMUNITYID_SEED

EF_FLOW_DECODER_ENRICH_CONVERSATIONID_ENABLE

RENAMED

EF_PROCESSOR_ENRICH_CONVERSATIONID_ENABLE

EF_FLOW_DECODER_ENRICH_CONVERSATIONID_SEED

RENAMED

EF_PROCESSOR_ENRICH_CONVERSATIONID_SEED

EF_FLOW_DECODER_ENRICH_JOIN_ASN

RENAMED

EF_PROCESSOR_ENRICH_JOIN_ASN

EF_FLOW_DECODER_ENRICH_JOIN_GEOIP

RENAMED

EF_PROCESSOR_ENRICH_JOIN_GEOIP

EF_FLOW_DECODER_ENRICH_JOIN_SEC

RENAMED

EF_PROCESSOR_ENRICH_JOIN_SEC

EF_FLOW_DECODER_ENRICH_JOIN_NETATTR

RENAMED

EF_PROCESSOR_ENRICH_JOIN_NETATTR

EF_FLOW_DECODER_ENRICH_JOIN_SUBNETATTR

RENAMED

EF_PROCESSOR_ENRICH_JOIN_SUBNETATTR

EF_FLOW_DECODER_DURATION_PRECISION

RENAMED

EF_PROCESSOR_DURATION_PRECISION

EF_FLOW_DECODER_TIMESTAMP_PRECISION

RENAMED

EF_PROCESSOR_TIMESTAMP_PRECISION

EF_FLOW_DECODER_PERCENT_NORM

RENAMED

EF_PROCESSOR_PERCENT_NORM

EF_FLOW_DECODER_ENRICH_EXPAND_CLISRV

RENAMED

EF_PROCESSOR_EXPAND_CLISRV

___

NEW

EF_PROCESSOR_EXPAND_CLISRV_NO_L4_PORTS

EF_FLOW_DECODER_ENRICH_KEEP_CPU_TICKS

RENAMED

EF_PROCESSOR_KEEP_CPU_TICKS

EF_FLOW_DECODER_ENRICH_DROP_FIELDS

RENAMED

EF_PROCESSOR_DROP_FIELDS

EF_FLOW_RECORD_STREAM_MAX_SIZE

REMOVED: The record stream size has been optimized for peak performance and requires no adjustment.

stdout Output Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option	Status	Notes for 6.0
EF_FLOW_OUTPUT_STDOUT_ENABLE	RENAMED	EF_OUTPUT_STDOUT_ENABLE
EF_FLOW_OUTPUT_STDOUT_FORMAT	RENAMED	EF_OUTPUT_STDOUT_FORMAT

5.6.x Option

Status

Notes for 6.0

EF_FLOW_OUTPUT_STDOUT_ENABLE

RENAMED

EF_OUTPUT_STDOUT_ENABLE

EF_FLOW_OUTPUT_STDOUT_FORMAT

RENAMED

EF_OUTPUT_STDOUT_FORMAT

Monitor Output Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option	Status	Notes for 6.0
EF_FLOW_OUTPUT_MONITOR_ENABLE	RENAMED	EF_OUTPUT_MONITOR_ENABLE
EF_FLOW_OUTPUT_MONITOR_INTERVAL	RENAMED	EF_OUTPUT_MONITOR_INTERVAL

5.6.x Option

Status

Notes for 6.0

EF_FLOW_OUTPUT_MONITOR_ENABLE

RENAMED

EF_OUTPUT_MONITOR_ENABLE

EF_FLOW_OUTPUT_MONITOR_INTERVAL

RENAMED

EF_OUTPUT_MONITOR_INTERVAL

Elasticsearch Output Options

The primary change is that FLOW_ has been removed from the option names. A few options have been removed.

5.6.x Option	Status	Notes for 6.0
EF_FLOW_OUTPUT_ELASTICSEARCH_ENABLE	RENAMED	EF_OUTPUT_ELASTICSEARCH_ENABLE
EF_FLOW_OUTPUT_ELASTICSEARCH_ECS_ENABLE	RENAMED	EF_OUTPUT_ELASTICSEARCH_ECS_ENABLE
EF_FLOW_OUTPUT_ELASTICSEARCH_BATCH_DEADLINE	RENAMED	EF_OUTPUT_ELASTICSEARCH_BATCH_DEADLINE
EF_FLOW_OUTPUT_ELASTICSEARCH_BATCH_MAX_BYTES	RENAMED	EF_OUTPUT_ELASTICSEARCH_BATCH_MAX_BYTES
EF_FLOW_OUTPUT_ELASTICSEARCH_TIMESTAMP_SOURCE	RENAMED	EF_OUTPUT_ELASTICSEARCH_TIMESTAMP_SOURCE
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_PERIOD	RENAMED	EF_OUTPUT_ELASTICSEARCH_INDEX_PERIOD
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_SUFFIX	RENAMED	EF_OUTPUT_ELASTICSEARCH_INDEX_SUFFIX
EF_FLOW_OUTPUT_ELASTICSEARCH_DROP_FIELDS	RENAMED	EF_OUTPUT_ELASTICSEARCH_DROP_FIELDS
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ENABLE	RENAMED	EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ENABLE
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_OVERWRITE	RENAMED	EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_OVERWRITE
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS	RENAMED	EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REPLICAS	RENAMED	EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REPLICAS
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL	RENAMED	EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_CODEC	RENAMED	EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_CODEC
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_LIFECYCLE	RENAMED	EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_LIFECYCLE
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_ROLLOVER_ALIAS	✕	REMOVED: The rollover alias is generated automatically by the collector.
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ISM_POLICY	✕	REMOVED: The Elasticsearch output no longer supports OpenSearch-specific features.
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_PIPELINE_DEFAULT	RENAMED	EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT
EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_PIPELINE_FINAL	RENAMED	EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL
EF_FLOW_OUTPUT_ELASTICSEARCH_ADDRESSES	RENAMED	EF_OUTPUT_ELASTICSEARCH_ADDRESSES
EF_FLOW_OUTPUT_ELASTICSEARCH_USERNAME	RENAMED	EF_OUTPUT_ELASTICSEARCH_USERNAME
EF_FLOW_OUTPUT_ELASTICSEARCH_PASSWORD	RENAMED	EF_OUTPUT_ELASTICSEARCH_PASSWORD
EF_FLOW_OUTPUT_ELASTICSEARCH_CLOUD_ID	RENAMED	EF_OUTPUT_ELASTICSEARCH_CLOUD_ID
EF_FLOW_OUTPUT_ELASTICSEARCH_API_KEY	RENAMED	EF_OUTPUT_ELASTICSEARCH_API_KEY
EF_FLOW_OUTPUT_ELASTICSEARCH_CLIENT_CA_CERT_FILEPATH	RENAMED	EF_OUTPUT_ELASTICSEARCH_CLIENT_CA_CERT_FILEPATH
EF_FLOW_OUTPUT_ELASTICSEARCH_CLIENT_CERT_FILEPATH	RENAMED	EF_OUTPUT_ELASTICSEARCH_CLIENT_CERT_FILEPATH
EF_FLOW_OUTPUT_ELASTICSEARCH_CLIENT_KEY_FILEPATH	RENAMED	EF_OUTPUT_ELASTICSEARCH_CLIENT_KEY_FILEPATH
EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_ENABLE	RENAMED	EF_OUTPUT_ELASTICSEARCH_TLS_ENABLE
EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_SKIP_VERIFICATION	RENAMED	EF_OUTPUT_ELASTICSEARCH_TLS_SKIP_VERIFICATION
EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_CA_CERT_FILEPATH	RENAMED	EF_OUTPUT_ELASTICSEARCH_TLS_CA_CERT_FILEPATH
EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_ENABLE	RENAMED	EF_OUTPUT_ELASTICSEARCH_RETRY_ENABLE
EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_ON_TIMEOUT_ENABLE	RENAMED	EF_OUTPUT_ELASTICSEARCH_RETRY_ON_TIMEOUT_ENABLE
EF_FLOW_OUTPUT_ELASTICSEARCH_MAX_RETRIES	RENAMED	EF_OUTPUT_ELASTICSEARCH_MAX_RETRIES
EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_BACKOFF	RENAMED	EF_OUTPUT_ELASTICSEARCH_RETRY_BACKOFF
___	NEW	EF_OUTPUT_ELASTICSEARCH_ALLOWED_RECORD_TYPES

5.6.x Option

Status

Notes for 6.0

EF_FLOW_OUTPUT_ELASTICSEARCH_ENABLE

RENAMED

EF_OUTPUT_ELASTICSEARCH_ENABLE

EF_FLOW_OUTPUT_ELASTICSEARCH_ECS_ENABLE

RENAMED

EF_OUTPUT_ELASTICSEARCH_ECS_ENABLE

EF_FLOW_OUTPUT_ELASTICSEARCH_BATCH_DEADLINE

RENAMED

EF_OUTPUT_ELASTICSEARCH_BATCH_DEADLINE

EF_FLOW_OUTPUT_ELASTICSEARCH_BATCH_MAX_BYTES

RENAMED

EF_OUTPUT_ELASTICSEARCH_BATCH_MAX_BYTES

EF_FLOW_OUTPUT_ELASTICSEARCH_TIMESTAMP_SOURCE

RENAMED

EF_OUTPUT_ELASTICSEARCH_TIMESTAMP_SOURCE

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_PERIOD

RENAMED

EF_OUTPUT_ELASTICSEARCH_INDEX_PERIOD

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_SUFFIX

RENAMED

EF_OUTPUT_ELASTICSEARCH_INDEX_SUFFIX

EF_FLOW_OUTPUT_ELASTICSEARCH_DROP_FIELDS

RENAMED

EF_OUTPUT_ELASTICSEARCH_DROP_FIELDS

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ENABLE

RENAMED

EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ENABLE

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_OVERWRITE

RENAMED

EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_OVERWRITE

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS

RENAMED

EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REPLICAS

RENAMED

EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REPLICAS

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL

RENAMED

EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_CODEC

RENAMED

EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_CODEC

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_LIFECYCLE

RENAMED

EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_LIFECYCLE

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_ROLLOVER_ALIAS

REMOVED: The rollover alias is generated automatically by the collector.

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ISM_POLICY

REMOVED: The Elasticsearch output no longer supports OpenSearch-specific features.

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_PIPELINE_DEFAULT

RENAMED

EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT

EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_PIPELINE_FINAL

RENAMED

EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL

EF_FLOW_OUTPUT_ELASTICSEARCH_ADDRESSES

RENAMED

EF_OUTPUT_ELASTICSEARCH_ADDRESSES

EF_FLOW_OUTPUT_ELASTICSEARCH_USERNAME

RENAMED

EF_OUTPUT_ELASTICSEARCH_USERNAME

EF_FLOW_OUTPUT_ELASTICSEARCH_PASSWORD

RENAMED

EF_OUTPUT_ELASTICSEARCH_PASSWORD

EF_FLOW_OUTPUT_ELASTICSEARCH_CLOUD_ID

RENAMED

EF_OUTPUT_ELASTICSEARCH_CLOUD_ID

EF_FLOW_OUTPUT_ELASTICSEARCH_API_KEY

RENAMED

EF_OUTPUT_ELASTICSEARCH_API_KEY

EF_FLOW_OUTPUT_ELASTICSEARCH_CLIENT_CA_CERT_FILEPATH

RENAMED

EF_OUTPUT_ELASTICSEARCH_CLIENT_CA_CERT_FILEPATH

EF_FLOW_OUTPUT_ELASTICSEARCH_CLIENT_CERT_FILEPATH

RENAMED

EF_OUTPUT_ELASTICSEARCH_CLIENT_CERT_FILEPATH

EF_FLOW_OUTPUT_ELASTICSEARCH_CLIENT_KEY_FILEPATH

RENAMED

EF_OUTPUT_ELASTICSEARCH_CLIENT_KEY_FILEPATH

EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_ENABLE

RENAMED

EF_OUTPUT_ELASTICSEARCH_TLS_ENABLE

EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_SKIP_VERIFICATION

RENAMED

EF_OUTPUT_ELASTICSEARCH_TLS_SKIP_VERIFICATION

EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_CA_CERT_FILEPATH

RENAMED

EF_OUTPUT_ELASTICSEARCH_TLS_CA_CERT_FILEPATH

EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_ENABLE

RENAMED

EF_OUTPUT_ELASTICSEARCH_RETRY_ENABLE

EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_ON_TIMEOUT_ENABLE

RENAMED

EF_OUTPUT_ELASTICSEARCH_RETRY_ON_TIMEOUT_ENABLE

EF_FLOW_OUTPUT_ELASTICSEARCH_MAX_RETRIES

RENAMED

EF_OUTPUT_ELASTICSEARCH_MAX_RETRIES

EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_BACKOFF

RENAMED

EF_OUTPUT_ELASTICSEARCH_RETRY_BACKOFF

___

NEW

EF_OUTPUT_ELASTICSEARCH_ALLOWED_RECORD_TYPES

OpenSearch Output Options

The primary change is that FLOW_ has been removed from the option names.

5.6.x Option	Status	Notes for 6.0
EF_FLOW_OUTPUT_OPENSEARCH_ENABLE	RENAMED	EF_OUTPUT_OPENSEARCH_ENABLE
EF_FLOW_OUTPUT_OPENSEARCH_ECS_ENABLE	RENAMED	EF_OUTPUT_OPENSEARCH_ECS_ENABLE
EF_FLOW_OUTPUT_OPENSEARCH_BATCH_DEADLINE	RENAMED	EF_OUTPUT_OPENSEARCH_BATCH_DEADLINE
EF_FLOW_OUTPUT_OPENSEARCH_BATCH_MAX_BYTES	RENAMED	EF_OUTPUT_OPENSEARCH_BATCH_MAX_BYTES
EF_FLOW_OUTPUT_OPENSEARCH_TIMESTAMP_SOURCE	RENAMED	EF_OUTPUT_OPENSEARCH_TIMESTAMP_SOURCE
EF_FLOW_OUTPUT_OPENSEARCH_INDEX_PERIOD	RENAMED	EF_OUTPUT_OPENSEARCH_INDEX_PERIOD
EF_FLOW_OUTPUT_OPENSEARCH_INDEX_SUFFIX	RENAMED	EF_OUTPUT_OPENSEARCH_INDEX_SUFFIX
EF_FLOW_OUTPUT_OPENSEARCH_DROP_FIELDS	RENAMED	EF_OUTPUT_OPENSEARCH_DROP_FIELDS
EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ENABLE	RENAMED	EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ENABLE
EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_OVERWRITE	RENAMED	EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_OVERWRITE
EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_SHARDS	RENAMED	EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_SHARDS
EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REPLICAS	RENAMED	EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REPLICAS
EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL	RENAMED	EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL
EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_CODEC	RENAMED	EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_CODEC
EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ISM_POLICY	RENAMED	EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ISM_POLICY
EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT	RENAMED	EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT
EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL	RENAMED	EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL
EF_FLOW_OUTPUT_OPENSEARCH_ADDRESSES	RENAMED	EF_OUTPUT_OPENSEARCH_ADDRESSES
EF_FLOW_OUTPUT_OPENSEARCH_USERNAME	RENAMED	EF_OUTPUT_OPENSEARCH_USERNAME
EF_FLOW_OUTPUT_OPENSEARCH_PASSWORD	RENAMED	EF_OUTPUT_OPENSEARCH_PASSWORD
EF_FLOW_OUTPUT_OPENSEARCH_CLIENT_CA_CERT_FILEPATH	RENAMED	EF_OUTPUT_OPENSEARCH_CLIENT_CA_CERT_FILEPATH
EF_FLOW_OUTPUT_OPENSEARCH_CLIENT_CERT_FILEPATH	RENAMED	EF_OUTPUT_OPENSEARCH_CLIENT_CERT_FILEPATH
EF_FLOW_OUTPUT_OPENSEARCH_CLIENT_KEY_FILEPATH	RENAMED	EF_OUTPUT_OPENSEARCH_CLIENT_KEY_FILEPATH
EF_FLOW_OUTPUT_OPENSEARCH_TLS_ENABLE	RENAMED	EF_OUTPUT_OPENSEARCH_TLS_ENABLE
EF_FLOW_OUTPUT_OPENSEARCH_TLS_SKIP_VERIFICATION	RENAMED	EF_OUTPUT_OPENSEARCH_TLS_SKIP_VERIFICATION
EF_FLOW_OUTPUT_OPENSEARCH_TLS_CA_CERT_FILEPATH	RENAMED	EF_OUTPUT_OPENSEARCH_TLS_CA_CERT_FILEPATH
EF_FLOW_OUTPUT_OPENSEARCH_RETRY_ENABLE	RENAMED	EF_OUTPUT_OPENSEARCH_RETRY_ENABLE
EF_FLOW_OUTPUT_OPENSEARCH_RETRY_ON_TIMEOUT_ENABLE	RENAMED	EF_OUTPUT_OPENSEARCH_RETRY_ON_TIMEOUT_ENABLE
EF_FLOW_OUTPUT_OPENSEARCH_MAX_RETRIES	RENAMED	EF_OUTPUT_OPENSEARCH_MAX_RETRIES
EF_FLOW_OUTPUT_OPENSEARCH_RETRY_BACKOFF	RENAMED	EF_OUTPUT_OPENSEARCH_RETRY_BACKOFF
___	NEW	EF_OUTPUT_OPENSEARCH_ALLOWED_RECORD_TYPES

5.6.x Option

Status

Notes for 6.0

EF_FLOW_OUTPUT_OPENSEARCH_ENABLE

RENAMED

EF_OUTPUT_OPENSEARCH_ENABLE

EF_FLOW_OUTPUT_OPENSEARCH_ECS_ENABLE

RENAMED

EF_OUTPUT_OPENSEARCH_ECS_ENABLE

EF_FLOW_OUTPUT_OPENSEARCH_BATCH_DEADLINE

RENAMED

EF_OUTPUT_OPENSEARCH_BATCH_DEADLINE

EF_FLOW_OUTPUT_OPENSEARCH_BATCH_MAX_BYTES

RENAMED

EF_OUTPUT_OPENSEARCH_BATCH_MAX_BYTES

EF_FLOW_OUTPUT_OPENSEARCH_TIMESTAMP_SOURCE

RENAMED

EF_OUTPUT_OPENSEARCH_TIMESTAMP_SOURCE

EF_FLOW_OUTPUT_OPENSEARCH_INDEX_PERIOD

RENAMED

EF_OUTPUT_OPENSEARCH_INDEX_PERIOD

EF_FLOW_OUTPUT_OPENSEARCH_INDEX_SUFFIX

RENAMED

EF_OUTPUT_OPENSEARCH_INDEX_SUFFIX

EF_FLOW_OUTPUT_OPENSEARCH_DROP_FIELDS

RENAMED

EF_OUTPUT_OPENSEARCH_DROP_FIELDS

EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ENABLE

RENAMED

EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ENABLE

EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_OVERWRITE

RENAMED

EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_OVERWRITE

EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_SHARDS

RENAMED

EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_SHARDS

EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REPLICAS

RENAMED

EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REPLICAS

EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL

RENAMED

EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL

EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_CODEC

RENAMED

EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_CODEC

EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ISM_POLICY

RENAMED

EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ISM_POLICY

EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT

RENAMED

EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT

EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL

RENAMED

EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL

EF_FLOW_OUTPUT_OPENSEARCH_ADDRESSES

RENAMED

EF_OUTPUT_OPENSEARCH_ADDRESSES

EF_FLOW_OUTPUT_OPENSEARCH_USERNAME

RENAMED

EF_OUTPUT_OPENSEARCH_USERNAME

EF_FLOW_OUTPUT_OPENSEARCH_PASSWORD

RENAMED

EF_OUTPUT_OPENSEARCH_PASSWORD

EF_FLOW_OUTPUT_OPENSEARCH_CLIENT_CA_CERT_FILEPATH

RENAMED

EF_OUTPUT_OPENSEARCH_CLIENT_CA_CERT_FILEPATH

EF_FLOW_OUTPUT_OPENSEARCH_CLIENT_CERT_FILEPATH

RENAMED

EF_OUTPUT_OPENSEARCH_CLIENT_CERT_FILEPATH

EF_FLOW_OUTPUT_OPENSEARCH_CLIENT_KEY_FILEPATH

RENAMED

EF_OUTPUT_OPENSEARCH_CLIENT_KEY_FILEPATH

EF_FLOW_OUTPUT_OPENSEARCH_TLS_ENABLE

RENAMED

EF_OUTPUT_OPENSEARCH_TLS_ENABLE

EF_FLOW_OUTPUT_OPENSEARCH_TLS_SKIP_VERIFICATION

RENAMED

EF_OUTPUT_OPENSEARCH_TLS_SKIP_VERIFICATION

EF_FLOW_OUTPUT_OPENSEARCH_TLS_CA_CERT_FILEPATH

RENAMED

EF_OUTPUT_OPENSEARCH_TLS_CA_CERT_FILEPATH

EF_FLOW_OUTPUT_OPENSEARCH_RETRY_ENABLE

RENAMED

EF_OUTPUT_OPENSEARCH_RETRY_ENABLE

EF_FLOW_OUTPUT_OPENSEARCH_RETRY_ON_TIMEOUT_ENABLE

RENAMED

EF_OUTPUT_OPENSEARCH_RETRY_ON_TIMEOUT_ENABLE

EF_FLOW_OUTPUT_OPENSEARCH_MAX_RETRIES

RENAMED

EF_OUTPUT_OPENSEARCH_MAX_RETRIES

EF_FLOW_OUTPUT_OPENSEARCH_RETRY_BACKOFF

RENAMED

EF_OUTPUT_OPENSEARCH_RETRY_BACKOFF

___

NEW

EF_OUTPUT_OPENSEARCH_ALLOWED_RECORD_TYPES

Splunk Output Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option	Status	Notes for 6.0
EF_FLOW_OUTPUT_SPLUNK_HEC_ENABLE	RENAMED	EF_OUTPUT_SPLUNK_HEC_ENABLE
EF_FLOW_OUTPUT_SPLUNK_HEC_CIM_ENABLE	RENAMED	EF_OUTPUT_SPLUNK_HEC_CIM_ENABLE
EF_FLOW_OUTPUT_SPLUNK_HEC_ADDRESSES	RENAMED	EF_OUTPUT_SPLUNK_HEC_ADDRESSES
EF_FLOW_OUTPUT_SPLUNK_HEC_TOKEN	RENAMED	EF_OUTPUT_SPLUNK_HEC_TOKEN
EF_FLOW_OUTPUT_SPLUNK_HEC_BATCH_MAX_BYTES	RENAMED	EF_OUTPUT_SPLUNK_HEC_BATCH_MAX_BYTES
EF_FLOW_OUTPUT_SPLUNK_HEC_BATCH_DEADLINE	RENAMED	EF_OUTPUT_SPLUNK_HEC_BATCH_DEADLINE
EF_FLOW_OUTPUT_SPLUNK_HEC_TLS_ENABLE	RENAMED	EF_OUTPUT_SPLUNK_HEC_TLS_ENABLE
EF_FLOW_OUTPUT_SPLUNK_HEC_TLS_SKIP_VERIFICATION	RENAMED	EF_OUTPUT_SPLUNK_HEC_TLS_SKIP_VERIFICATION
EF_FLOW_OUTPUT_SPLUNK_HEC_TLS_CA_CERT_FILEPATH	RENAMED	EF_OUTPUT_SPLUNK_HEC_TLS_CA_CERT_FILEPATH
EF_FLOW_OUTPUT_SPLUNK_HEC_DROP_FIELDS	RENAMED	EF_OUTPUT_SPLUNK_HEC_DROP_FIELDS

5.6.x Option

Status

Notes for 6.0

EF_FLOW_OUTPUT_SPLUNK_HEC_ENABLE

RENAMED

EF_OUTPUT_SPLUNK_HEC_ENABLE

EF_FLOW_OUTPUT_SPLUNK_HEC_CIM_ENABLE

RENAMED

EF_OUTPUT_SPLUNK_HEC_CIM_ENABLE

EF_FLOW_OUTPUT_SPLUNK_HEC_ADDRESSES

RENAMED

EF_OUTPUT_SPLUNK_HEC_ADDRESSES

EF_FLOW_OUTPUT_SPLUNK_HEC_TOKEN

RENAMED

EF_OUTPUT_SPLUNK_HEC_TOKEN

EF_FLOW_OUTPUT_SPLUNK_HEC_BATCH_MAX_BYTES

RENAMED

EF_OUTPUT_SPLUNK_HEC_BATCH_MAX_BYTES

EF_FLOW_OUTPUT_SPLUNK_HEC_BATCH_DEADLINE

RENAMED

EF_OUTPUT_SPLUNK_HEC_BATCH_DEADLINE

EF_FLOW_OUTPUT_SPLUNK_HEC_TLS_ENABLE

RENAMED

EF_OUTPUT_SPLUNK_HEC_TLS_ENABLE

EF_FLOW_OUTPUT_SPLUNK_HEC_TLS_SKIP_VERIFICATION

RENAMED

EF_OUTPUT_SPLUNK_HEC_TLS_SKIP_VERIFICATION

EF_FLOW_OUTPUT_SPLUNK_HEC_TLS_CA_CERT_FILEPATH

RENAMED

EF_OUTPUT_SPLUNK_HEC_TLS_CA_CERT_FILEPATH

EF_FLOW_OUTPUT_SPLUNK_HEC_DROP_FIELDS

RENAMED

EF_OUTPUT_SPLUNK_HEC_DROP_FIELDS

Kafka Output Options

The primary change is that FLOW_ has been removed from the option names.

5.6.x Option	Status	Notes for 6.0
EF_FLOW_OUTPUT_KAFKA_ENABLE	RENAMED	EF_OUTPUT_KAFKA_ENABLE
EF_FLOW_OUTPUT_KAFKA_BROKERS	RENAMED	EF_OUTPUT_KAFKA_BROKERS
EF_FLOW_OUTPUT_KAFKA_VERSION	RENAMED	EF_OUTPUT_KAFKA_VERSION
EF_FLOW_OUTPUT_KAFKA_TOPIC	RENAMED	EF_OUTPUT_KAFKA_TOPIC
EF_FLOW_OUTPUT_KAFKA_CLIENT_ID	RENAMED	EF_OUTPUT_KAFKA_CLIENT_ID
EF_FLOW_OUTPUT_KAFKA_PARTITION_KEY	RENAMED	EF_OUTPUT_KAFKA_PARTITION_KEY
EF_FLOW_OUTPUT_KAFKA_RACK_ID	RENAMED	EF_OUTPUT_KAFKA_RACK_ID
EF_FLOW_OUTPUT_KAFKA_TIMEOUT	RENAMED	EF_OUTPUT_KAFKA_TIMEOUT
EF_FLOW_OUTPUT_KAFKA_SASL_ENABLE	RENAMED	EF_OUTPUT_KAFKA_SASL_ENABLE
EF_FLOW_OUTPUT_KAFKA_SASL_USERNAME	RENAMED	EF_OUTPUT_KAFKA_SASL_USERNAME
EF_FLOW_OUTPUT_KAFKA_SASL_PASSWORD	RENAMED	EF_OUTPUT_KAFKA_SASL_PASSWORD
EF_FLOW_OUTPUT_KAFKA_TLS_ENABLE	RENAMED	EF_OUTPUT_KAFKA_TLS_ENABLE
EF_FLOW_OUTPUT_KAFKA_TLS_CA_CERT_FILEPATH	RENAMED	EF_OUTPUT_KAFKA_TLS_CA_CERT_FILEPATH
EF_FLOW_OUTPUT_KAFKA_TLS_CERT_FILEPATH	RENAMED	EF_OUTPUT_KAFKA_TLS_CERT_FILEPATH
EF_FLOW_OUTPUT_KAFKA_TLS_KEY_FILEPATH	RENAMED	EF_OUTPUT_KAFKA_TLS_KEY_FILEPATH
EF_FLOW_OUTPUT_KAFKA_TLS_SKIP_VERIFICATION	RENAMED	EF_OUTPUT_KAFKA_TLS_SKIP_VERIFICATION
EF_FLOW_OUTPUT_KAFKA_PRODUCER_MAX_MESSAGE_BYTES	RENAMED	EF_OUTPUT_KAFKA_PRODUCER_MAX_MESSAGE_BYTES
EF_FLOW_OUTPUT_KAFKA_PRODUCER_REQUIRED_ACKS	RENAMED	EF_OUTPUT_KAFKA_PRODUCER_REQUIRED_ACKS
EF_FLOW_OUTPUT_KAFKA_PRODUCER_TIMEOUT	RENAMED	EF_OUTPUT_KAFKA_PRODUCER_TIMEOUT
EF_FLOW_OUTPUT_KAFKA_PRODUCER_COMPRESSION	RENAMED	EF_OUTPUT_KAFKA_PRODUCER_COMPRESSION
EF_FLOW_OUTPUT_KAFKA_PRODUCER_COMPRESSION_LEVEL	RENAMED	EF_OUTPUT_KAFKA_PRODUCER_COMPRESSION_LEVEL
EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_BYTES	RENAMED	EF_OUTPUT_KAFKA_PRODUCER_FLUSH_BYTES
EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_MESSAGES	RENAMED	EF_OUTPUT_KAFKA_PRODUCER_FLUSH_MESSAGES
EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_FREQUENCY	RENAMED	EF_OUTPUT_KAFKA_PRODUCER_FLUSH_FREQUENCY
EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_MAX_MESSAGES	RENAMED	EF_OUTPUT_KAFKA_PRODUCER_FLUSH_MAX_MESSAGES
EF_FLOW_OUTPUT_KAFKA_PRODUCER_RETRY_MAX	RENAMED	EF_OUTPUT_KAFKA_PRODUCER_RETRY_MAX
EF_FLOW_OUTPUT_KAFKA_PRODUCER_RETRY_BACKOFF	RENAMED	EF_OUTPUT_KAFKA_PRODUCER_RETRY_BACKOFF
EF_FLOW_OUTPUT_KAFKA_DROP_FIELDS	RENAMED	EF_OUTPUT_KAFKA_DROP_FIELDS
___	NEW	EF_OUTPUT_KAFKA_ALLOWED_RECORD_TYPES

5.6.x Option

Status

Notes for 6.0

EF_FLOW_OUTPUT_KAFKA_ENABLE

RENAMED

EF_OUTPUT_KAFKA_ENABLE

EF_FLOW_OUTPUT_KAFKA_BROKERS

RENAMED

EF_OUTPUT_KAFKA_BROKERS

EF_FLOW_OUTPUT_KAFKA_VERSION

RENAMED

EF_OUTPUT_KAFKA_VERSION

EF_FLOW_OUTPUT_KAFKA_TOPIC

RENAMED

EF_OUTPUT_KAFKA_TOPIC

EF_FLOW_OUTPUT_KAFKA_CLIENT_ID

RENAMED

EF_OUTPUT_KAFKA_CLIENT_ID

EF_FLOW_OUTPUT_KAFKA_PARTITION_KEY

RENAMED

EF_OUTPUT_KAFKA_PARTITION_KEY

EF_FLOW_OUTPUT_KAFKA_RACK_ID

RENAMED

EF_OUTPUT_KAFKA_RACK_ID

EF_FLOW_OUTPUT_KAFKA_TIMEOUT

RENAMED

EF_OUTPUT_KAFKA_TIMEOUT

EF_FLOW_OUTPUT_KAFKA_SASL_ENABLE

RENAMED

EF_OUTPUT_KAFKA_SASL_ENABLE

EF_FLOW_OUTPUT_KAFKA_SASL_USERNAME

RENAMED

EF_OUTPUT_KAFKA_SASL_USERNAME

EF_FLOW_OUTPUT_KAFKA_SASL_PASSWORD

RENAMED

EF_OUTPUT_KAFKA_SASL_PASSWORD

EF_FLOW_OUTPUT_KAFKA_TLS_ENABLE

RENAMED

EF_OUTPUT_KAFKA_TLS_ENABLE

EF_FLOW_OUTPUT_KAFKA_TLS_CA_CERT_FILEPATH

RENAMED

EF_OUTPUT_KAFKA_TLS_CA_CERT_FILEPATH

EF_FLOW_OUTPUT_KAFKA_TLS_CERT_FILEPATH

RENAMED

EF_OUTPUT_KAFKA_TLS_CERT_FILEPATH

EF_FLOW_OUTPUT_KAFKA_TLS_KEY_FILEPATH

RENAMED

EF_OUTPUT_KAFKA_TLS_KEY_FILEPATH

EF_FLOW_OUTPUT_KAFKA_TLS_SKIP_VERIFICATION

RENAMED

EF_OUTPUT_KAFKA_TLS_SKIP_VERIFICATION

EF_FLOW_OUTPUT_KAFKA_PRODUCER_MAX_MESSAGE_BYTES

RENAMED

EF_OUTPUT_KAFKA_PRODUCER_MAX_MESSAGE_BYTES

EF_FLOW_OUTPUT_KAFKA_PRODUCER_REQUIRED_ACKS

RENAMED

EF_OUTPUT_KAFKA_PRODUCER_REQUIRED_ACKS

EF_FLOW_OUTPUT_KAFKA_PRODUCER_TIMEOUT

RENAMED

EF_OUTPUT_KAFKA_PRODUCER_TIMEOUT

EF_FLOW_OUTPUT_KAFKA_PRODUCER_COMPRESSION

RENAMED

EF_OUTPUT_KAFKA_PRODUCER_COMPRESSION

EF_FLOW_OUTPUT_KAFKA_PRODUCER_COMPRESSION_LEVEL

RENAMED

EF_OUTPUT_KAFKA_PRODUCER_COMPRESSION_LEVEL

EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_BYTES

RENAMED

EF_OUTPUT_KAFKA_PRODUCER_FLUSH_BYTES

EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_MESSAGES

RENAMED

EF_OUTPUT_KAFKA_PRODUCER_FLUSH_MESSAGES

EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_FREQUENCY

RENAMED

EF_OUTPUT_KAFKA_PRODUCER_FLUSH_FREQUENCY

EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_MAX_MESSAGES

RENAMED

EF_OUTPUT_KAFKA_PRODUCER_FLUSH_MAX_MESSAGES

EF_FLOW_OUTPUT_KAFKA_PRODUCER_RETRY_MAX

RENAMED

EF_OUTPUT_KAFKA_PRODUCER_RETRY_MAX

EF_FLOW_OUTPUT_KAFKA_PRODUCER_RETRY_BACKOFF

RENAMED

EF_OUTPUT_KAFKA_PRODUCER_RETRY_BACKOFF

EF_FLOW_OUTPUT_KAFKA_DROP_FIELDS

RENAMED

EF_OUTPUT_KAFKA_DROP_FIELDS

___

NEW

EF_OUTPUT_KAFKA_ALLOWED_RECORD_TYPES

Cribl Stream Output Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option	Status	Notes for 6.0
EF_FLOW_OUTPUT_CRIBL_ENABLE	RENAMED	EF_OUTPUT_CRIBL_ENABLE
EF_FLOW_OUTPUT_CRIBL_ADDRESSES	RENAMED	EF_OUTPUT_CRIBL_ADDRESSES
EF_FLOW_OUTPUT_CRIBL_TOKEN	RENAMED	EF_OUTPUT_CRIBL_TOKEN
EF_FLOW_OUTPUT_CRIBL_BATCH_DEADLINE	RENAMED	EF_OUTPUT_CRIBL_BATCH_DEADLINE
EF_FLOW_OUTPUT_CRIBL_BATCH_MAX_BYTES	RENAMED	EF_OUTPUT_CRIBL_BATCH_MAX_BYTES
EF_FLOW_OUTPUT_CRIBL_TLS_ENABLE	RENAMED	EF_OUTPUT_CRIBL_TLS_ENABLE
EF_FLOW_OUTPUT_CRIBL_TLS_SKIP_VERIFICATION	RENAMED	EF_OUTPUT_CRIBL_TLS_SKIP_VERIFICATION
EF_FLOW_OUTPUT_CRIBL_TLS_CA_CERT_FILEPATH	RENAMED	EF_OUTPUT_CRIBL_TLS_CA_CERT_FILEPATH
EF_FLOW_OUTPUT_CRIBL_DROP_FIELDS	RENAMED	EF_OUTPUT_CRIBL_DROP_FIELDS

5.6.x Option

Status

Notes for 6.0

EF_FLOW_OUTPUT_CRIBL_ENABLE

RENAMED

EF_OUTPUT_CRIBL_ENABLE

EF_FLOW_OUTPUT_CRIBL_ADDRESSES

RENAMED

EF_OUTPUT_CRIBL_ADDRESSES

EF_FLOW_OUTPUT_CRIBL_TOKEN

RENAMED

EF_OUTPUT_CRIBL_TOKEN

EF_FLOW_OUTPUT_CRIBL_BATCH_DEADLINE

RENAMED

EF_OUTPUT_CRIBL_BATCH_DEADLINE

EF_FLOW_OUTPUT_CRIBL_BATCH_MAX_BYTES

RENAMED

EF_OUTPUT_CRIBL_BATCH_MAX_BYTES

EF_FLOW_OUTPUT_CRIBL_TLS_ENABLE

RENAMED

EF_OUTPUT_CRIBL_TLS_ENABLE

EF_FLOW_OUTPUT_CRIBL_TLS_SKIP_VERIFICATION

RENAMED

EF_OUTPUT_CRIBL_TLS_SKIP_VERIFICATION

EF_FLOW_OUTPUT_CRIBL_TLS_CA_CERT_FILEPATH

RENAMED

EF_OUTPUT_CRIBL_TLS_CA_CERT_FILEPATH

EF_FLOW_OUTPUT_CRIBL_DROP_FIELDS

RENAMED

EF_OUTPUT_CRIBL_DROP_FIELDS

Generic HTTP Output Options

5.6.x Option	Status	Notes for 6.0
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_ENABLE
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_ECS_ENABLE
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_BATCH_DEADLINE
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_BATCH_MAX_BYTES
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_ADDRESSES
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_USERNAME
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_PASSWORD
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_TLS_ENABLE
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_TLS_SKIP_VERIFICATION
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_TLS_CA_CERT_FILEPATH
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_DROP_FIELDS
___	NEW	EF_FLOW_OUTPUT_GENERIC_HTTP_TIMESTAMP_SOURCE

5.6.x Option

Status

Notes for 6.0

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_ENABLE

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_ECS_ENABLE

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_BATCH_DEADLINE

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_BATCH_MAX_BYTES

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_ADDRESSES

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_USERNAME

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_PASSWORD

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_TLS_ENABLE

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_TLS_SKIP_VERIFICATION

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_TLS_CA_CERT_FILEPATH

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_DROP_FIELDS

___

NEW

EF_FLOW_OUTPUT_GENERIC_HTTP_TIMESTAMP_SOURCE

RiskIQ Output Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option	Status	Notes for 6.0
EF_FLOW_OUTPUT_RISKIQ_ENABLE	RENAMED	EF_OUTPUT_RISKIQ_ENABLE
EF_FLOW_OUTPUT_RISKIQ_HOST	RENAMED	EF_OUTPUT_RISKIQ_HOST
EF_FLOW_OUTPUT_RISKIQ_PORT	RENAMED	EF_OUTPUT_RISKIQ_PORT
EF_FLOW_OUTPUT_RISKIQ_CUSTOMER_UUID	RENAMED	EF_OUTPUT_RISKIQ_CUSTOMER_UUID
EF_FLOW_OUTPUT_RISKIQ_CUSTOMER_ENCRYPTION_KEY	RENAMED	EF_OUTPUT_RISKIQ_CUSTOMER_ENCRYPTION_KEY

5.6.x Option

Status

Notes for 6.0

EF_FLOW_OUTPUT_RISKIQ_ENABLE

RENAMED

EF_OUTPUT_RISKIQ_ENABLE

EF_FLOW_OUTPUT_RISKIQ_HOST

RENAMED

EF_OUTPUT_RISKIQ_HOST

EF_FLOW_OUTPUT_RISKIQ_PORT

RENAMED

EF_OUTPUT_RISKIQ_PORT

EF_FLOW_OUTPUT_RISKIQ_CUSTOMER_UUID

RENAMED

EF_OUTPUT_RISKIQ_CUSTOMER_UUID

EF_FLOW_OUTPUT_RISKIQ_CUSTOMER_ENCRYPTION_KEY

RENAMED

EF_OUTPUT_RISKIQ_CUSTOMER_ENCRYPTION_KEY

PreviousSample Rate NextUnified SNMP Collector