dox/userguide: add tx_cnt documentation

author Eric Leblond <el@stamus-networks.com>

Sun, 30 Mar 2025 15:24:35 +0000 (17:24 +0200)

committer Victor Julien <victor@inliniac.net>

Fri, 18 Apr 2025 10:52:21 +0000 (12:52 +0200)
author Eric Leblond <el@stamus-networks.com>
Sun, 30 Mar 2025 15:24:35 +0000 (17:24 +0200)
committer Victor Julien <victor@inliniac.net>
Fri, 18 Apr 2025 10:52:21 +0000 (12:52 +0200)
diff --git a/doc/userguide/output/eve/eve-json-format.rst b/doc/userguide/output/eve/eve-json-format.rst

index 7f76c6972bc18fa6f675d26d9f7b7368b60588e5..710225aabc50bb5dc1f18737e8338085a9276a08 100644 (file)
--- a/doc/userguide/output/eve/eve-json-format.rst
+++ b/doc/userguide/output/eve/eve-json-format.rst
@@ -1691,6 +1691,7 @@ Fields
  * "reason": mechanism that did trigger the end of the flow (include "timeout", "forced" and "shutdown")
  * "alerted": "true" or "false" depending if an alert has been seen on flow
  * "action": "pass" or "drop" depending if flow was PASS'ed or DROP'ed (no present if none)
+* "tx_cnt": number of transactions seen in the flow (only present if flow has an application layer)
  * "exception_policy": array consisting of exception policies that have been triggered by
    the flow:
author	Eric Leblond <el@stamus-networks.com>
	Sun, 30 Mar 2025 15:24:35 +0000 (17:24 +0200)
committer	Victor Julien <victor@inliniac.net>
	Fri, 18 Apr 2025 10:52:21 +0000 (12:52 +0200)