The Decoder can natively capture flow data from NetFlow generators. NetFlow support is implemented as a capture device named flow_events. Currently, only NetFlow V5 is supported.
By default, the Decoder listens for flow data on port 9995. To change this, edit the /decoder/config/capture.device.params setting in the Decoder's Explorer view and specify the port with the port parameter (for example, port=2225). A port change does not take effect until capture is restarted.
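Because only NetFlow V5 is accepted, it helps to confirm what an exporter actually sends before pointing it at the Decoder's port. The following is an added example, not part of the product or its documentation: it validates a captured export datagram against Cisco's published NetFlow v5 layout; the function names and sample values are constructed for illustration.

```python
import struct

# NetFlow v5 export layout: a 24-byte header followed by 1-30 flow
# records of 48 bytes each, all fields big-endian.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48
V5_MAX_RECORDS = 30

HEADER_FIELDS = ("version", "count", "sys_uptime", "unix_secs", "unix_nsecs",
                 "flow_sequence", "engine_type", "engine_id", "sampling_interval")


def check_v5_datagram(data: bytes) -> dict:
    """Return the parsed header, or raise ValueError explaining the rejection."""
    if len(data) < 2:
        raise ValueError("datagram too short to carry a version field")
    (version,) = struct.unpack_from("!H", data)
    if version != 5:
        raise ValueError(f"NetFlow version {version}, not 5")
    if len(data) < V5_HEADER.size:
        raise ValueError("truncated v5 header")
    header = dict(zip(HEADER_FIELDS, V5_HEADER.unpack_from(data)))
    count = header["count"]
    if not 1 <= count <= V5_MAX_RECORDS:
        raise ValueError(f"record count {count} outside 1..{V5_MAX_RECORDS}")
    expected = V5_HEADER.size + count * V5_RECORD_LEN
    if len(data) != expected:
        raise ValueError(f"length {len(data)} != {expected} for {count} records")
    return header


def build_sample(version=5, count=2, records=None):
    """Constructed test datagram: header plus zero-filled flow records."""
    n = count if records is None else records
    hdr = V5_HEADER.pack(version, count, 360000, 1700000000, 0, 42, 0, 1, 0)
    return hdr + bytes(V5_RECORD_LEN * n)


if __name__ == "__main__":
    samples = {"v5 ok": build_sample(), "v9": build_sample(version=9),
               "short": build_sample(count=3, records=2)}
    for name, dgram in samples.items():
        try:
            print(name, "->", check_v5_datagram(dgram))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

A datagram rejected here for its version number comes from an exporter configured for a NetFlow version other than V5.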
The Decoder maps NetFlow field values to meta keys as shown in the following table:
NetFlow V5 Header