Hi,
I'm trying to use a processor to drop events when "final" = false (I have flows enabled).
I've tried these processors:
but no one of them work. I'm not understanding how to filter on boolean value.
wow... there is really to much to learn.
by the way, in the .yml template I found this comment:
Configure reporting period. If set to -1, only killed flows will be reported
which is really clear. but, can you explain to me, for example, what does it mean if I set
period: 10s
value?
When period is >0 then you will get non-final events that give a summary of the flow up to that point in time.
BTW there is a new doc page for flows: https://www.elastic.co/guide/en/beats/packetbeat/master/flows.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.