Upgrading to 6.0
Configuration Changes
To improve the consistency of configuration options and prepare for future features on ElastiFlow's roadmap, many of the configuration options have been renamed or otherwise changed. The following is a list of all changes.
tip
You may want to start with a clean 6.0 configuration file from either our provided docker-compose.yml example, or the flowcoll.conf file in the native packages. You can then provide only the modifications necessary to add to the new configuration.
Licensing Options
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| ___ | NEW | EF_LICENSE_ACCEPTED |
| EF_FLOW_ACCOUNT_ID | RENAMED | EF_ACCOUNT_ID |
| EF_FLOW_LICENSE_KEY | ✓ | Unchanged |
| EF_FLOW_LICENSED_UNITS | ✓ | Unchanged |
Logging Options
The only change is that FLOW_ has been removed from the option names.
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_LOGGER_LEVEL | RENAMED | EF_LOGGER_LEVEL |
| EF_FLOW_LOGGER_ENCODING | RENAMED | EF_LOGGER_ENCODING |
| EF_FLOW_LOGGER_FILE_LOG_ENABLE | RENAMED | EF_LOGGER_FILE_LOG_ENABLE |
| EF_FLOW_LOGGER_FILE_LOG_FILENAME | RENAMED | EF_LOGGER_FILE_LOG_FILENAME |
| EF_FLOW_LOGGER_FILE_LOG_MAX_SIZE | RENAMED | EF_LOGGER_FILE_LOG_MAX_SIZE |
| EF_FLOW_LOGGER_FILE_LOG_MAX_AGE | RENAMED | EF_LOGGER_FILE_LOG_MAX_AGE |
| EF_FLOW_LOGGER_FILE_LOG_MAX_BACKUPS | RENAMED | EF_LOGGER_FILE_LOG_MAX_BACKUPS |
| EF_FLOW_LOGGER_FILE_LOG_COMPRESS | RENAMED | EF_LOGGER_FILE_LOG_COMPRESS |
Metrics Options
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| ___ | NEW | EF_INSTANCE_NAME |
| ___ | NEW | EF_METRICS_PORT |
| ___ | NEW | EF_METRICS_TLS_ENABLE |
| ___ | NEW | EF_METRICS_TLS_CERT_FILEPATH |
| ___ | NEW | EF_METRICS_TLS_KEY_FILEPATH |
Flow UDP Server Options
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_SERVER_UDP_IP | ✓ | Unchanged |
| EF_FLOW_SERVER_UDP_PORT | ✓ | Unchanged |
| EF_FLOW_SERVER_UDP_READ_BUFFER_MAX_SIZE | ✓ | Unchanged |
| EF_FLOW_SERVER_UDP_PACKET_STREAM_MAX_SIZE | RENAMED | EF_FLOW_PACKET_STREAM_MAX_SIZE |
AWS VPC Flow Logs Options
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| ___ | NEW | EF_AWS_VPC_FLOW_LOG_ENABLE |
| ___ | NEW | EF_AWS_VPC_FLOW_LOG_S3_BUCKET |
| ___ | NEW | EF_AWS_VPC_FLOW_LOG_PREFIX |
| ___ | NEW | AWS_REGION |
| ___ | NEW | AWS_ACCESS_KEY_ID |
| ___ | NEW | AWS_SECRET_ACCESS_KEY |
Decoding Options
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_DECODER_POOL_SIZE | RENAMED | EF_PROCESSOR_POOL_SIZE |
| EF_FLOW_DECODER_SETTINGS_PATH | ✕ | REMOVED: Absolute paths MUST now be used for all option values that define a path to a file or directory. |
| EF_FLOW_DECODER_IPFIX_ENABLE | RENAMED | EF_PROCESSOR_DECODE_IPFIX_ENABLE |
| EF_FLOW_DECODER_NETFLOW1_ENABLE | RENAMED | EF_PROCESSOR_DECODE_NETFLOW1_ENABLE |
| EF_FLOW_DECODER_NETFLOW5_ENABLE | RENAMED | EF_PROCESSOR_DECODE_NETFLOW5_ENABLE |
| EF_FLOW_DECODER_NETFLOW6_ENABLE | RENAMED | EF_PROCESSOR_DECODE_NETFLOW6_ENABLE |
| EF_FLOW_DECODER_NETFLOW7_ENABLE | RENAMED | EF_PROCESSOR_DECODE_NETFLOW7_ENABLE |
| EF_FLOW_DECODER_NETFLOW9_ENABLE | RENAMED | EF_PROCESSOR_DECODE_NETFLOW9_ENABLE |
| EF_FLOW_DECODER_SFLOW5_ENABLE | RENAMED | EF_PROCESSOR_DECODE_SFLOW5_ENABLE |
| EF_FLOW_DECODER_SFLOW_FLOWS_ENABLE | RENAMED | EF_PROCESSOR_DECODE_SFLOW_FLOWS_ENABLE |
| EF_FLOW_DECODER_SFLOW_FLOWS_KEEP_SAMPLES | RENAMED | EF_PROCESSOR_DECODE_SFLOW_FLOWS_KEEP_SAMPLES |
| EF_FLOW_DECODER_SFLOW_COUNTERS_ENABLE | RENAMED | EF_PROCESSOR_DECODE_SFLOW_COUNTERS_ENABLE |
| EF_FLOW_DECODER_TRANSLATE_KEEP_IDS | RENAMED | EF_PROCESSOR_TRANSLATE_KEEP_IDS |
Application Enrichment Options
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| ___ | NEW | EF_PROCESSOR_ENRICH_APP_ID_ENABLE |
| ___ | NEW | EF_PROCESSOR_ENRICH_APP_ID_PATH |
| ___ | NEW | EF_PROCESSOR_ENRICH_APP_ID_TTL |
| EF_FLOW_DECODER_ENRICH_APP_CACHE_SIZE | ✕ | REMOVED: TTL is now used to flush old cache entries. |
| EF_FLOW_DECODER_ENRICH_APP_USERDEF_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_APP_IPPORT_ENABLE |
| EF_FLOW_DECODER_ENRICH_APP_USERDEF_PRIVATE | RENAMED | EF_PROCESSOR_ENRICH_APP_IPPORT_PRIVATE |
| EF_FLOW_DECODER_ENRICH_APP_USERDEF_PUBLIC | RENAMED | EF_PROCESSOR_ENRICH_APP_IPPORT_PUBLIC |
| EF_FLOW_DECODER_ENRICH_APP_USERDEF_PATH | RENAMED | EF_PROCESSOR_ENRICH_APP_IPPORT_PATH |
| ___ | NEW | EF_PROCESSOR_ENRICH_APP_IPPORT_TTL |
| ___ | NEW | EF_PROCESSOR_ENRICH_APP_REFRESH_RATE |
danger
While the configuration options for IP/port to application attributes enrichment are renamed, the format of the file pointed to by EF_PROCESSOR_ENRICH_APP_IPPORT_PATH has changed significantly. Please refer to the configuration reference page for an example.
IP Address Enrichment Options
The primary change is that FLOW_DECODER has been renamed to PROCESSOR in the option names.
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| ___ | NEW | EF_PROCESSOR_ENRICH_OPTION_ENUM_TTL |
| EF_FLOW_DECODER_ENRICH_IPADDR_TTL | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_TTL |
| EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_METADATA_ENABLE |
| EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_USERDEF_PATH | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_METADATA_USERDEF_PATH |
| EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_REFRESH_RATE | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_METADATA_REFRESH_RATE |
| EF_FLOW_DECODER_ENRICH_DNS_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_DNS_ENABLE |
| EF_FLOW_DECODER_ENRICH_DNS_NAMESERVER_IP | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_IP |
| EF_FLOW_DECODER_ENRICH_DNS_NAMESERVER_TIMEOUT | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_TIMEOUT |
| EF_FLOW_DECODER_ENRICH_DNS_RESOLVE_PRIVATE | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PRIVATE |
| EF_FLOW_DECODER_ENRICH_DNS_RESOLVE_PUBLIC | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PUBLIC |
| EF_FLOW_DECODER_ENRICH_DNS_USERDEF_PATH | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_DNS_USERDEF_PATH |
| EF_FLOW_DECODER_ENRICH_DNS_USERDEF_REFRESH_RATE | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_DNS_USERDEF_REFRESH_RATE |
| EF_FLOW_DECODER_ENRICH_DNS_INCLEXCL_PATH | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_DNS_INCLEXCL_PATH |
| EF_FLOW_DECODER_ENRICH_DNS_INCLEXCL_REFRESH_RATE | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_DNS_INCLEXCL_REFRESH_RATE |
| EF_FLOW_DECODER_ENRICH_MAXMIND_ASN_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_ENABLE |
| EF_FLOW_DECODER_ENRICH_MAXMIND_ASN_PATH | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_PATH |
| EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE |
| EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_PATH | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_PATH |
| EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_VALUES | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_VALUES |
| EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_LANG | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_LANG |
| EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_INCLEXCL_PATH | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_INCLEXCL_PATH |
| EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_INCLEXCL_REFRESH_RATE | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_INCLEXCL_REFRESH_RATE |
| EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_ENABLE |
| EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_ENDPOINT | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_ENDPOINT |
| EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_REFRESH_INTERVAL | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_REFRESH_INTERVAL |
| EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_INCLEXCL_PATH | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_INCLEXCL_PATH |
| EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_INCLEXCL_REFRESH_RATE | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_INCLEXCL_REFRESH_RATE |
| EF_FLOW_DECODER_ENRICH_RISKIQ_API_USER | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_USER |
| EF_FLOW_DECODER_ENRICH_RISKIQ_API_KEY | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_KEY |
| EF_FLOW_DECODER_ENRICH_RISKIQ_API_TIMEOUT | RENAMED | EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_TIMEOUT |
| EF_FLOW_DECODER_ENRICH_ASN_PREF | RENAMED | EF_PROCESSOR_ENRICH_ASN_PREF |
Network Interface Enrichment Options
The only change is that FLOW_DECODER has been renamed to PROCESSOR in the option names.
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_DECODER_ENRICH_NETIF_TTL | RENAMED | EF_PROCESSOR_ENRICH_NETIF_TTL |
| EF_FLOW_DECODER_ENRICH_NETIF_METADATA_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_NETIF_METADATA_ENABLE |
| EF_FLOW_DECODER_ENRICH_NETIF_METADATA_USERDEF_PATH | RENAMED | EF_PROCESSOR_ENRICH_NETIF_METADATA_USERDEF_PATH |
| EF_FLOW_DECODER_ENRICH_NETIF_METADATA_REFRESH_RATE | RENAMED | EF_PROCESSOR_ENRICH_NETIF_METADATA_REFRESH_RATE |
| EF_FLOW_DECODER_ENRICH_NETIF_FLOW_OPTIONS_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_NETIF_FLOW_OPTIONS_ENABLE |
| EF_FLOW_DECODER_ENRICH_NETIF_SNMP_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_NETIF_SNMP_ENABLE |
| EF_FLOW_DECODER_ENRICH_NETIF_SNMP_PORT | RENAMED | EF_PROCESSOR_ENRICH_NETIF_SNMP_PORT |
| EF_FLOW_DECODER_ENRICH_NETIF_SNMP_VERSION | RENAMED | EF_PROCESSOR_ENRICH_NETIF_SNMP_VERSION |
| EF_FLOW_DECODER_ENRICH_NETIF_SNMP_COMMUNITIES | RENAMED | EF_PROCESSOR_ENRICH_NETIF_SNMP_COMMUNITIES |
| EF_FLOW_DECODER_ENRICH_NETIF_SNMP_TIMEOUT | RENAMED | EF_PROCESSOR_ENRICH_NETIF_SNMP_TIMEOUT |
| EF_FLOW_DECODER_ENRICH_NETIF_SNMP_RETRIES | RENAMED | EF_PROCESSOR_ENRICH_NETIF_SNMP_RETRIES |
Post-Processing Enrichment Options
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_DECODER_ENRICH_TOTALS_IF_NO_DELTAS | RENAMED | EF_PROCESSOR_ENRICH_TOTALS_IF_NO_DELTAS |
| EF_FLOW_DECODER_ENRICH_SAMPLERATE_CACHE_SIZE | RENAMED | EF_PROCESSOR_ENRICH_SAMPLERATE_CACHE_SIZE |
| EF_FLOW_DECODER_ENRICH_SAMPLERATE_USERDEF_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_ENABLE |
| EF_FLOW_DECODER_ENRICH_SAMPLERATE_USERDEF_PATH | RENAMED | EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_PATH |
| ___ | NEW | EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_OVERRIDE |
| EF_FLOW_DECODER_ENRICH_COMMUNITYID_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_COMMUNITYID_ENABLE |
| EF_FLOW_DECODER_ENRICH_COMMUNITYID_SEED | RENAMED | EF_PROCESSOR_ENRICH_COMMUNITYID_SEED |
| EF_FLOW_DECODER_ENRICH_CONVERSATIONID_ENABLE | RENAMED | EF_PROCESSOR_ENRICH_CONVERSATIONID_ENABLE |
| EF_FLOW_DECODER_ENRICH_CONVERSATIONID_SEED | RENAMED | EF_PROCESSOR_ENRICH_CONVERSATIONID_SEED |
| EF_FLOW_DECODER_ENRICH_JOIN_ASN | RENAMED | EF_PROCESSOR_ENRICH_JOIN_ASN |
| EF_FLOW_DECODER_ENRICH_JOIN_GEOIP | RENAMED | EF_PROCESSOR_ENRICH_JOIN_GEOIP |
| EF_FLOW_DECODER_ENRICH_JOIN_SEC | RENAMED | EF_PROCESSOR_ENRICH_JOIN_SEC |
| EF_FLOW_DECODER_ENRICH_JOIN_NETATTR | RENAMED | EF_PROCESSOR_ENRICH_JOIN_NETATTR |
| EF_FLOW_DECODER_ENRICH_JOIN_SUBNETATTR | RENAMED | EF_PROCESSOR_ENRICH_JOIN_SUBNETATTR |
| EF_FLOW_DECODER_DURATION_PRECISION | RENAMED | EF_PROCESSOR_DURATION_PRECISION |
| EF_FLOW_DECODER_TIMESTAMP_PRECISION | RENAMED | EF_PROCESSOR_TIMESTAMP_PRECISION |
| EF_FLOW_DECODER_PERCENT_NORM | RENAMED | EF_PROCESSOR_PERCENT_NORM |
| EF_FLOW_DECODER_ENRICH_EXPAND_CLISRV | RENAMED | EF_PROCESSOR_EXPAND_CLISRV |
| ___ | NEW | EF_PROCESSOR_EXPAND_CLISRV_NO_L4_PORTS |
| EF_FLOW_DECODER_ENRICH_KEEP_CPU_TICKS | RENAMED | EF_PROCESSOR_KEEP_CPU_TICKS |
| EF_FLOW_DECODER_ENRICH_DROP_FIELDS | RENAMED | EF_PROCESSOR_DROP_FIELDS |
| EF_FLOW_RECORD_STREAM_MAX_SIZE | ✕ | REMOVED: The record stream size has been optimized for peak performance and requires no adjustment. |
stdout Output Options
The only change is that FLOW_ has been removed from the option names.
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_OUTPUT_STDOUT_ENABLE | RENAMED | EF_OUTPUT_STDOUT_ENABLE |
| EF_FLOW_OUTPUT_STDOUT_FORMAT | RENAMED | EF_OUTPUT_STDOUT_FORMAT |
Monitor Output Options
The only change is that FLOW_ has been removed from the option names.
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_OUTPUT_MONITOR_ENABLE | RENAMED | EF_OUTPUT_MONITOR_ENABLE |
| EF_FLOW_OUTPUT_MONITOR_INTERVAL | RENAMED | EF_OUTPUT_MONITOR_INTERVAL |
Elasticsearch Output Options
The primary change is that FLOW_ has been removed from the option names. A few options have been removed.
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_OUTPUT_ELASTICSEARCH_ENABLE | RENAMED | EF_OUTPUT_ELASTICSEARCH_ENABLE |
| EF_FLOW_OUTPUT_ELASTICSEARCH_ECS_ENABLE | RENAMED | EF_OUTPUT_ELASTICSEARCH_ECS_ENABLE |
| EF_FLOW_OUTPUT_ELASTICSEARCH_BATCH_DEADLINE | RENAMED | EF_OUTPUT_ELASTICSEARCH_BATCH_DEADLINE |
| EF_FLOW_OUTPUT_ELASTICSEARCH_BATCH_MAX_BYTES | RENAMED | EF_OUTPUT_ELASTICSEARCH_BATCH_MAX_BYTES |
| EF_FLOW_OUTPUT_ELASTICSEARCH_TIMESTAMP_SOURCE | RENAMED | EF_OUTPUT_ELASTICSEARCH_TIMESTAMP_SOURCE |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_PERIOD | RENAMED | EF_OUTPUT_ELASTICSEARCH_INDEX_PERIOD |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_SUFFIX | RENAMED | EF_OUTPUT_ELASTICSEARCH_INDEX_SUFFIX |
| EF_FLOW_OUTPUT_ELASTICSEARCH_DROP_FIELDS | RENAMED | EF_OUTPUT_ELASTICSEARCH_DROP_FIELDS |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ENABLE | RENAMED | EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ENABLE |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_OVERWRITE | RENAMED | EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_OVERWRITE |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS | RENAMED | EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REPLICAS | RENAMED | EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REPLICAS |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL | RENAMED | EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_CODEC | RENAMED | EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_CODEC |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_LIFECYCLE | RENAMED | EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_LIFECYCLE |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_ROLLOVER_ALIAS | ✕ | REMOVED: The rollover alias is generated automatically by the collector. |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ISM_POLICY | ✕ | REMOVED: The Elasticsearch output no longer supports OpenSearch-specific features. |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_PIPELINE_DEFAULT | RENAMED | EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT |
| EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_PIPELINE_FINAL | RENAMED | EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL |
| EF_FLOW_OUTPUT_ELASTICSEARCH_ADDRESSES | RENAMED | EF_OUTPUT_ELASTICSEARCH_ADDRESSES |
| EF_FLOW_OUTPUT_ELASTICSEARCH_USERNAME | RENAMED | EF_OUTPUT_ELASTICSEARCH_USERNAME |
| EF_FLOW_OUTPUT_ELASTICSEARCH_PASSWORD | RENAMED | EF_OUTPUT_ELASTICSEARCH_PASSWORD |
| EF_FLOW_OUTPUT_ELASTICSEARCH_CLOUD_ID | RENAMED | EF_OUTPUT_ELASTICSEARCH_CLOUD_ID |
| EF_FLOW_OUTPUT_ELASTICSEARCH_API_KEY | RENAMED | EF_OUTPUT_ELASTICSEARCH_API_KEY |
| EF_FLOW_OUTPUT_ELASTICSEARCH_CLIENT_CA_CERT_FILEPATH | RENAMED | EF_OUTPUT_ELASTICSEARCH_CLIENT_CA_CERT_FILEPATH |
| EF_FLOW_OUTPUT_ELASTICSEARCH_CLIENT_CERT_FILEPATH | RENAMED | EF_OUTPUT_ELASTICSEARCH_CLIENT_CERT_FILEPATH |
| EF_FLOW_OUTPUT_ELASTICSEARCH_CLIENT_KEY_FILEPATH | RENAMED | EF_OUTPUT_ELASTICSEARCH_CLIENT_KEY_FILEPATH |
| EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_ENABLE | RENAMED | EF_OUTPUT_ELASTICSEARCH_TLS_ENABLE |
| EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_SKIP_VERIFICATION | RENAMED | EF_OUTPUT_ELASTICSEARCH_TLS_SKIP_VERIFICATION |
| EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_CA_CERT_FILEPATH | RENAMED | EF_OUTPUT_ELASTICSEARCH_TLS_CA_CERT_FILEPATH |
| EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_ENABLE | RENAMED | EF_OUTPUT_ELASTICSEARCH_RETRY_ENABLE |
| EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_ON_TIMEOUT_ENABLE | RENAMED | EF_OUTPUT_ELASTICSEARCH_RETRY_ON_TIMEOUT_ENABLE |
| EF_FLOW_OUTPUT_ELASTICSEARCH_MAX_RETRIES | RENAMED | EF_OUTPUT_ELASTICSEARCH_MAX_RETRIES |
| EF_FLOW_OUTPUT_ELASTICSEARCH_RETRY_BACKOFF | RENAMED | EF_OUTPUT_ELASTICSEARCH_RETRY_BACKOFF |
| ___ | NEW | EF_OUTPUT_ELASTICSEARCH_ALLOWED_RECORD_TYPES |
OpenSearch Output Options
The primary change is that FLOW_ has been removed from the option names.
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_OUTPUT_OPENSEARCH_ENABLE | RENAMED | EF_OUTPUT_OPENSEARCH_ENABLE |
| EF_FLOW_OUTPUT_OPENSEARCH_ECS_ENABLE | RENAMED | EF_OUTPUT_OPENSEARCH_ECS_ENABLE |
| EF_FLOW_OUTPUT_OPENSEARCH_BATCH_DEADLINE | RENAMED | EF_OUTPUT_OPENSEARCH_BATCH_DEADLINE |
| EF_FLOW_OUTPUT_OPENSEARCH_BATCH_MAX_BYTES | RENAMED | EF_OUTPUT_OPENSEARCH_BATCH_MAX_BYTES |
| EF_FLOW_OUTPUT_OPENSEARCH_TIMESTAMP_SOURCE | RENAMED | EF_OUTPUT_OPENSEARCH_TIMESTAMP_SOURCE |
| EF_FLOW_OUTPUT_OPENSEARCH_INDEX_PERIOD | RENAMED | EF_OUTPUT_OPENSEARCH_INDEX_PERIOD |
| EF_FLOW_OUTPUT_OPENSEARCH_INDEX_SUFFIX | RENAMED | EF_OUTPUT_OPENSEARCH_INDEX_SUFFIX |
| EF_FLOW_OUTPUT_OPENSEARCH_DROP_FIELDS | RENAMED | EF_OUTPUT_OPENSEARCH_DROP_FIELDS |
| EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ENABLE | RENAMED | EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ENABLE |
| EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_OVERWRITE | RENAMED | EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_OVERWRITE |
| EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_SHARDS | RENAMED | EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_SHARDS |
| EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REPLICAS | RENAMED | EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REPLICAS |
| EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL | RENAMED | EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL |
| EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_CODEC | RENAMED | EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_CODEC |
| EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ISM_POLICY | RENAMED | EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ISM_POLICY |
| EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT | RENAMED | EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT |
| EF_FLOW_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL | RENAMED | EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL |
| EF_FLOW_OUTPUT_OPENSEARCH_ADDRESSES | RENAMED | EF_OUTPUT_OPENSEARCH_ADDRESSES |
| EF_FLOW_OUTPUT_OPENSEARCH_USERNAME | RENAMED | EF_OUTPUT_OPENSEARCH_USERNAME |
| EF_FLOW_OUTPUT_OPENSEARCH_PASSWORD | RENAMED | EF_OUTPUT_OPENSEARCH_PASSWORD |
| EF_FLOW_OUTPUT_OPENSEARCH_CLIENT_CA_CERT_FILEPATH | RENAMED | EF_OUTPUT_OPENSEARCH_CLIENT_CA_CERT_FILEPATH |
| EF_FLOW_OUTPUT_OPENSEARCH_CLIENT_CERT_FILEPATH | RENAMED | EF_OUTPUT_OPENSEARCH_CLIENT_CERT_FILEPATH |
| EF_FLOW_OUTPUT_OPENSEARCH_CLIENT_KEY_FILEPATH | RENAMED | EF_OUTPUT_OPENSEARCH_CLIENT_KEY_FILEPATH |
| EF_FLOW_OUTPUT_OPENSEARCH_TLS_ENABLE | RENAMED | EF_OUTPUT_OPENSEARCH_TLS_ENABLE |
| EF_FLOW_OUTPUT_OPENSEARCH_TLS_SKIP_VERIFICATION | RENAMED | EF_OUTPUT_OPENSEARCH_TLS_SKIP_VERIFICATION |
| EF_FLOW_OUTPUT_OPENSEARCH_TLS_CA_CERT_FILEPATH | RENAMED | EF_OUTPUT_OPENSEARCH_TLS_CA_CERT_FILEPATH |
| EF_FLOW_OUTPUT_OPENSEARCH_RETRY_ENABLE | RENAMED | EF_OUTPUT_OPENSEARCH_RETRY_ENABLE |
| EF_FLOW_OUTPUT_OPENSEARCH_RETRY_ON_TIMEOUT_ENABLE | RENAMED | EF_OUTPUT_OPENSEARCH_RETRY_ON_TIMEOUT_ENABLE |
| EF_FLOW_OUTPUT_OPENSEARCH_MAX_RETRIES | RENAMED | EF_OUTPUT_OPENSEARCH_MAX_RETRIES |
| EF_FLOW_OUTPUT_OPENSEARCH_RETRY_BACKOFF | RENAMED | EF_OUTPUT_OPENSEARCH_RETRY_BACKOFF |
| ___ | NEW | EF_OUTPUT_OPENSEARCH_ALLOWED_RECORD_TYPES |
Splunk Output Options
The only change is that FLOW_ has been removed from the option names.
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_OUTPUT_SPLUNK_HEC_ENABLE | RENAMED | EF_OUTPUT_SPLUNK_HEC_ENABLE |
| EF_FLOW_OUTPUT_SPLUNK_HEC_CIM_ENABLE | RENAMED | EF_OUTPUT_SPLUNK_HEC_CIM_ENABLE |
| EF_FLOW_OUTPUT_SPLUNK_HEC_ADDRESSES | RENAMED | EF_OUTPUT_SPLUNK_HEC_ADDRESSES |
| EF_FLOW_OUTPUT_SPLUNK_HEC_TOKEN | RENAMED | EF_OUTPUT_SPLUNK_HEC_TOKEN |
| EF_FLOW_OUTPUT_SPLUNK_HEC_BATCH_MAX_BYTES | RENAMED | EF_OUTPUT_SPLUNK_HEC_BATCH_MAX_BYTES |
| EF_FLOW_OUTPUT_SPLUNK_HEC_BATCH_DEADLINE | RENAMED | EF_OUTPUT_SPLUNK_HEC_BATCH_DEADLINE |
| EF_FLOW_OUTPUT_SPLUNK_HEC_TLS_ENABLE | RENAMED | EF_OUTPUT_SPLUNK_HEC_TLS_ENABLE |
| EF_FLOW_OUTPUT_SPLUNK_HEC_TLS_SKIP_VERIFICATION | RENAMED | EF_OUTPUT_SPLUNK_HEC_TLS_SKIP_VERIFICATION |
| EF_FLOW_OUTPUT_SPLUNK_HEC_TLS_CA_CERT_FILEPATH | RENAMED | EF_OUTPUT_SPLUNK_HEC_TLS_CA_CERT_FILEPATH |
| EF_FLOW_OUTPUT_SPLUNK_HEC_DROP_FIELDS | RENAMED | EF_OUTPUT_SPLUNK_HEC_DROP_FIELDS |
Kafka Output Options
The primary change is that FLOW_ has been removed from the option names.
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_OUTPUT_KAFKA_ENABLE | RENAMED | EF_OUTPUT_KAFKA_ENABLE |
| EF_FLOW_OUTPUT_KAFKA_BROKERS | RENAMED | EF_OUTPUT_KAFKA_BROKERS |
| EF_FLOW_OUTPUT_KAFKA_VERSION | RENAMED | EF_OUTPUT_KAFKA_VERSION |
| EF_FLOW_OUTPUT_KAFKA_TOPIC | RENAMED | EF_OUTPUT_KAFKA_TOPIC |
| EF_FLOW_OUTPUT_KAFKA_CLIENT_ID | RENAMED | EF_OUTPUT_KAFKA_CLIENT_ID |
| EF_FLOW_OUTPUT_KAFKA_PARTITION_KEY | RENAMED | EF_OUTPUT_KAFKA_PARTITION_KEY |
| EF_FLOW_OUTPUT_KAFKA_RACK_ID | RENAMED | EF_OUTPUT_KAFKA_RACK_ID |
| EF_FLOW_OUTPUT_KAFKA_TIMEOUT | RENAMED | EF_OUTPUT_KAFKA_TIMEOUT |
| EF_FLOW_OUTPUT_KAFKA_SASL_ENABLE | RENAMED | EF_OUTPUT_KAFKA_SASL_ENABLE |
| EF_FLOW_OUTPUT_KAFKA_SASL_USERNAME | RENAMED | EF_OUTPUT_KAFKA_SASL_USERNAME |
| EF_FLOW_OUTPUT_KAFKA_SASL_PASSWORD | RENAMED | EF_OUTPUT_KAFKA_SASL_PASSWORD |
| EF_FLOW_OUTPUT_KAFKA_TLS_ENABLE | RENAMED | EF_OUTPUT_KAFKA_TLS_ENABLE |
| EF_FLOW_OUTPUT_KAFKA_TLS_CA_CERT_FILEPATH | RENAMED | EF_OUTPUT_KAFKA_TLS_CA_CERT_FILEPATH |
| EF_FLOW_OUTPUT_KAFKA_TLS_CERT_FILEPATH | RENAMED | EF_OUTPUT_KAFKA_TLS_CERT_FILEPATH |
| EF_FLOW_OUTPUT_KAFKA_TLS_KEY_FILEPATH | RENAMED | EF_OUTPUT_KAFKA_TLS_KEY_FILEPATH |
| EF_FLOW_OUTPUT_KAFKA_TLS_SKIP_VERIFICATION | RENAMED | EF_OUTPUT_KAFKA_TLS_SKIP_VERIFICATION |
| EF_FLOW_OUTPUT_KAFKA_PRODUCER_MAX_MESSAGE_BYTES | RENAMED | EF_OUTPUT_KAFKA_PRODUCER_MAX_MESSAGE_BYTES |
| EF_FLOW_OUTPUT_KAFKA_PRODUCER_REQUIRED_ACKS | RENAMED | EF_OUTPUT_KAFKA_PRODUCER_REQUIRED_ACKS |
| EF_FLOW_OUTPUT_KAFKA_PRODUCER_TIMEOUT | RENAMED | EF_OUTPUT_KAFKA_PRODUCER_TIMEOUT |
| EF_FLOW_OUTPUT_KAFKA_PRODUCER_COMPRESSION | RENAMED | EF_OUTPUT_KAFKA_PRODUCER_COMPRESSION |
| EF_FLOW_OUTPUT_KAFKA_PRODUCER_COMPRESSION_LEVEL | RENAMED | EF_OUTPUT_KAFKA_PRODUCER_COMPRESSION_LEVEL |
| EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_BYTES | RENAMED | EF_OUTPUT_KAFKA_PRODUCER_FLUSH_BYTES |
| EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_MESSAGES | RENAMED | EF_OUTPUT_KAFKA_PRODUCER_FLUSH_MESSAGES |
| EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_FREQUENCY | RENAMED | EF_OUTPUT_KAFKA_PRODUCER_FLUSH_FREQUENCY |
| EF_FLOW_OUTPUT_KAFKA_PRODUCER_FLUSH_MAX_MESSAGES | RENAMED | EF_OUTPUT_KAFKA_PRODUCER_FLUSH_MAX_MESSAGES |
| EF_FLOW_OUTPUT_KAFKA_PRODUCER_RETRY_MAX | RENAMED | EF_OUTPUT_KAFKA_PRODUCER_RETRY_MAX |
| EF_FLOW_OUTPUT_KAFKA_PRODUCER_RETRY_BACKOFF | RENAMED | EF_OUTPUT_KAFKA_PRODUCER_RETRY_BACKOFF |
| EF_FLOW_OUTPUT_KAFKA_DROP_FIELDS | RENAMED | EF_OUTPUT_KAFKA_DROP_FIELDS |
| ___ | NEW | EF_OUTPUT_KAFKA_ALLOWED_RECORD_TYPES |
Cribl Stream Output Options
The only change is that FLOW_ has been removed from the option names.
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_OUTPUT_CRIBL_ENABLE | RENAMED | EF_OUTPUT_CRIBL_ENABLE |
| EF_FLOW_OUTPUT_CRIBL_ADDRESSES | RENAMED | EF_OUTPUT_CRIBL_ADDRESSES |
| EF_FLOW_OUTPUT_CRIBL_TOKEN | RENAMED | EF_OUTPUT_CRIBL_TOKEN |
| EF_FLOW_OUTPUT_CRIBL_BATCH_DEADLINE | RENAMED | EF_OUTPUT_CRIBL_BATCH_DEADLINE |
| EF_FLOW_OUTPUT_CRIBL_BATCH_MAX_BYTES | RENAMED | EF_OUTPUT_CRIBL_BATCH_MAX_BYTES |
| EF_FLOW_OUTPUT_CRIBL_TLS_ENABLE | RENAMED | EF_OUTPUT_CRIBL_TLS_ENABLE |
| EF_FLOW_OUTPUT_CRIBL_TLS_SKIP_VERIFICATION | RENAMED | EF_OUTPUT_CRIBL_TLS_SKIP_VERIFICATION |
| EF_FLOW_OUTPUT_CRIBL_TLS_CA_CERT_FILEPATH | RENAMED | EF_OUTPUT_CRIBL_TLS_CA_CERT_FILEPATH |
| EF_FLOW_OUTPUT_CRIBL_DROP_FIELDS | RENAMED | EF_OUTPUT_CRIBL_DROP_FIELDS |
Generic HTTP Output Options
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_ENABLE |
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_ECS_ENABLE |
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_BATCH_DEADLINE |
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_BATCH_MAX_BYTES |
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_ADDRESSES |
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_USERNAME |
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_PASSWORD |
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_TLS_ENABLE |
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_TLS_SKIP_VERIFICATION |
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_TLS_CA_CERT_FILEPATH |
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_DROP_FIELDS |
| ___ | NEW | EF_FLOW_OUTPUT_GENERIC_HTTP_TIMESTAMP_SOURCE |
RiskIQ Output Options
The only change is that FLOW_ has been removed from the option names.
| 5.6.x Option | Status | Notes for 6.0 |
|---|---|---|
| EF_FLOW_OUTPUT_RISKIQ_ENABLE | RENAMED | EF_OUTPUT_RISKIQ_ENABLE |
| EF_FLOW_OUTPUT_RISKIQ_HOST | RENAMED | EF_OUTPUT_RISKIQ_HOST |
| EF_FLOW_OUTPUT_RISKIQ_PORT | RENAMED | EF_OUTPUT_RISKIQ_PORT |
| EF_FLOW_OUTPUT_RISKIQ_CUSTOMER_UUID | RENAMED | EF_OUTPUT_RISKIQ_CUSTOMER_UUID |
| EF_FLOW_OUTPUT_RISKIQ_CUSTOMER_ENCRYPTION_KEY | RENAMED | EF_OUTPUT_RISKIQ_CUSTOMER_ENCRYPTION_KEY |