Flows

edit

The flows section of the packetbeat.yml config file contains configuration options for bidirectional network flows. If section is missing from configuration file, network flows are disabled.

packetbeat.flows:
  timeout: 30s
  period: 10s

See Configuring Flows to Monitor Network Traffic for more information.

Options

edit

You can specify the following options in the flows section of the packetbeat.yml config file:

enabled

edit

Enables flows support if set to true. Set to false to disable network flows support without having to delete or comment out the flows section. The default value is true.

timeout

edit

Timeout configures the lifetime of a flow. If no packets have been received for a flow within the timeout time window, the flow is killed and reported. The default value is 30s.

period

edit

Configure the reporting interval. All flows are reported at the very same point in time. Periodical reporting can be disabled by setting the value to -1. If disabled, flows are still reported once being timed out. The default value is 10s.