Configuration Changes

To improve the consistency of configuration options and prepare for future features on ElastiFlow's roadmap, many of the configuration options have been renamed or otherwise changed. The following is a list of all changes.

:::tip You may want to start with a clean 6.0 configuration file from either our provided docker-compose.yml example, or the flowcoll.conf file in the native packages. You can then provide only the modifications necessary to add to the new configuration. :::

Licensing Options

5.6.x Option

Status

Notes for 6.0

Logging Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option

Status

Notes for 6.0

Metrics Options

5.6.x Option

Status

Notes for 6.0

Flow UDP Server Options

5.6.x Option

Status

Notes for 6.0

AWS VPC Flow Logs Options

5.6.x Option

Status

Notes for 6.0

Decoding Options

5.6.x Option

Status

Notes for 6.0

Application Enrichment Options

5.6.x Option

Status

Notes for 6.0

:::danger While the configuration options for IP/port to application attributes enrichment are renamed, the format of the file pointed to by EF_PROCESSOR_ENRICH_APP_IPPORT_PATH has changed significantly. Please refer to the configuration reference page for an example. :::

IP Address Enrichment Options

The primary change is that FLOW_DECODER has been renamed to PROCESSOR in the option names.

5.6.x Option

Status

Notes for 6.0

Network Interface Enrichment Options

The only change is that FLOW_DECODER has been renamed to PROCESSOR in the option names.

5.6.x Option

Status

Notes for 6.0

Post-Processing Enrichment Options

5.6.x Option

Status

Notes for 6.0

stdout Output Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option

Status

Notes for 6.0

Monitor Output Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option

Status

Notes for 6.0

Elasticsearch Output Options

The primary change is that FLOW_ has been removed from the option names. A few options have been removed.

5.6.x Option

Status

Notes for 6.0

OpenSearch Output Options

The primary change is that FLOW_ has been removed from the option names.

5.6.x Option

Status

Notes for 6.0

Splunk Output Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option

Status

Notes for 6.0

Kafka Output Options

The primary change is that FLOW_ has been removed from the option names.

5.6.x Option

Status

Notes for 6.0

Cribl Stream Output Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option

Status

Notes for 6.0

Generic HTTP Output Options

5.6.x Option

Status

Notes for 6.0

RiskIQ Output Options

The only change is that FLOW_ has been removed from the option names.

5.6.x Option

Status

Notes for 6.0

PreviousSample Rate NextUnified SNMP Collector