From 9409a5a49aecb2f12d645b5a34523536d225099e Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj
Date: Wed, 2 Apr 2025 14:47:21 +0530
Subject: [PATCH] doc: update configuration with flow rate-tracking

Feature 5647
---
 doc/userguide/configuration/suricata-yaml.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index 1d8047e1e2..e79db42627 100644
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -1101,7 +1101,11 @@ what to do in case memcap is hit: 'drop-packet', 'pass-packet', 'reject', or
 memcap-policy: bypass #How to handle the flow if memcap is reached (IPS mode)
 hash-size: 65536 #Flows will be organized in a hash-table. With this option you can set the
 #size of the hash-table.
- Prealloc: 10000 #The amount of flows Suricata has to keep ready in memory.
+ prealloc: 10000 #The amount of flows Suricata has to keep ready in memory.
+ rate-tracking: #Enable tracking of flows by the following rate definition; mark them
+ #as elephant flows if they exceed the defined rate. Disabled by default.
+ bytes: 1GiB #Number of bytes to track
+ interval: 10 #Time interval in seconds for which tracking should be done
 At the point the memcap will still be reached, despite prealloc, the flow-engine goes into the emergency-mode. In this mode, the engine
-- 
2.47.2