The TCP flag in the suricata output file(eve.json) does not match the actual situation

I use nmap for sA scanning
The following are the data packets in Wireshark

The following is the content of eve.json

I want to know why the TCP flag in Wireshark is ack,but the TCP flag in Eve.log is “00”

Do you have midstream enabled? Packets with SYN/ACK will not lead to a TcpSession set up otherwise, and this logging depends on that. We should probably just not log the field in this case.

Thank you for your reply!I have found the location of the configuration,but I am not familiar with how to configure this part.May I ask how I can modify the content of midstream to solve my problem?
I have set midstream to true here