<div dir="ltr">Now that this patch is merged (thanks again) I've upgraded my Zeek script and the record_fields changes work great. <div><br></div><div>I still have one outstanding issue which is that for a container type, record_field$type_name is just the container name (such as "vector" or "set"). I don't see a way to get the type of the container elements from zeek script, but once again would be delighted to be corrected. </div><div><br></div><div>And if there's currently no way, I'm happy to put up a PR, but I could use some guidance on how to expose this in Zeek (e.g. a new field on record_field?).</div><div><br></div><div>Thanks,</div><div>Henri</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 1 Nov 2019 at 20:53, Jon Siwek <<a href="mailto:jsiwek@corelight.com">jsiwek@corelight.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Fri, Nov 1, 2019 at 4:11 AM Henri Dubois-Ferriere <<a href="mailto:henridf@gmail.com" target="_blank">henridf@gmail.com</a>> wrote:<br>
<br>
> I'd like to be able to peek into nested records to get the inner fields that will show up in the logs. It doesn't seem like there's a way to do record introspection given a string representation of the record type name, but if I'd be delighted to be told I'm missing something.<br>
<br>
No, didn't look like there was a way to do that, but I've made a<br>
PR/patch that should make recursive introspection possible via<br>
something like `record_fields("conn_id")` for any arbitrary record<br>
type name:<br>
<br>
<a href="https://github.com/zeek/zeek/pull/675" rel="noreferrer" target="_blank">https://github.com/zeek/zeek/pull/675</a><br>
<br>
- Jon<br>
</blockquote></div>