[Bro] Elasticsearch 2.0 dot problem

Robin Sommer robin at icir.org
Tue Nov 17 07:54:14 PST 2015


Mind filing this as a ticket on tracker.bro.org with the patches
attached? Thanks,

Robin

On Tue, Nov 17, 2015 at 02:55 +0100, Daniel Guerra wrote:

> Elasticsearch 2.0 doesn’t accept dots in fieldnames. Bro writes fieldnames with dots.
> As a result bro data can not be written to Elasticsearch 2.0.
> I have made 2 very small patches to bro/src/threading/formatters/JSON.h and 
> bro/src/threading/formatters/JSON.cc that solve this problem.



> 
> 
> Regards,
> 
> Daniel
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



-- 
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin


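The problem Daniel describes (Elasticsearch 2.0 refuses any field name containing a dot, while Bro's JSON writer emits names such as id.orig_h) can also be handled outside Bro, on the log lines before they reach the index. The following is an added example, not Bro's code and not Daniel's patch: it walks each JSON record, replaces dots in every key with an underscore (the replacement character, the collision check, and the helper names are this example's own choices, not anything the thread specifies), and verifies that no dotted key survives. The conn.log records it runs on are constructed sample data.

```python
"""Rewrite dotted Bro JSON log field names so Elasticsearch 2.x will accept them.

Added example for the thread above; not part of Bro. Assumes a "." in a field
name is replaced with "_" (an assumption, any dot-free string would do).
"""
import json

DOT_REPLACEMENT = "_"  # assumed replacement character


def dedot_key(key, replacement=DOT_REPLACEMENT):
    """Return the key with every dot replaced, e.g. 'id.orig_h' -> 'id_orig_h'."""
    return key.replace(".", replacement)


def dedot(obj, replacement=DOT_REPLACEMENT):
    """Return a copy of obj with every dict key de-dotted, recursing into nested
    dicts and lists. Bro's JSON writer emits flat records, but nested values are
    handled as well so the function is safe on enriched or post-processed data.

    Raises ValueError if two distinct keys would collapse onto the same name
    (e.g. 'id.orig_h' and 'id_orig_h' in one record), since silently dropping
    one of them would lose data without any error from Elasticsearch.
    """
    if isinstance(obj, dict):
        out = {}
        for key, value in obj.items():
            new_key = dedot_key(key, replacement)
            if new_key in out:
                raise ValueError(
                    f"field name collision after de-dotting: {key!r} -> {new_key!r}")
            out[new_key] = dedot(value, replacement)
        return out
    if isinstance(obj, list):
        return [dedot(item, replacement) for item in obj]
    return obj


def has_dotted_field(obj):
    """True if any key at any depth still contains a dot (what ES 2.0 rejects)."""
    if isinstance(obj, dict):
        return any("." in key or has_dotted_field(value) for key, value in obj.items())
    if isinstance(obj, list):
        return any(has_dotted_field(item) for item in obj)
    return False


def dedot_records(lines, replacement=DOT_REPLACEMENT):
    """Parse Bro JSON log lines (one object per line, blank lines skipped)
    into de-dotted dicts ready for indexing."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        record = dedot(json.loads(line), replacement)
        assert not has_dotted_field(record)  # invariant the rewrite must hold
        records.append(record)
    return records


def rewrite_log_lines(lines, replacement=DOT_REPLACEMENT):
    """Return the input lines re-serialised with dot-free field names, so they
    can be fed straight to an ES 2.x bulk indexer."""
    return [json.dumps(r, separators=(",", ":")) for r in dedot_records(lines, replacement)]


# Constructed sample: two conn.log records in Bro's JSON log layout (values made up).
SAMPLE_CONN_LOG_LINES = [
    '{"ts":1447753200.123456,"uid":"CXWv6p3arKYeMETxOg","id.orig_h":"10.0.0.1",'
    '"id.orig_p":52341,"id.resp_h":"192.0.2.10","id.resp_p":443,"proto":"tcp",'
    '"service":"ssl","duration":1.25,"orig_bytes":1104,"resp_bytes":6243,'
    '"conn_state":"SF","history":"ShADadFf"}',
    '{"ts":1447753201.5,"uid":"CmES5u32sYpV7JYN","id.orig_h":"10.0.0.2",'
    '"id.orig_p":41001,"id.resp_h":"192.0.2.53","id.resp_p":53,"proto":"udp",'
    '"service":"dns","duration":0.01,"orig_bytes":40,"resp_bytes":120,'
    '"conn_state":"SF","history":"Dd"}',
]


if __name__ == "__main__":
    for line in rewrite_log_lines(SAMPLE_CONN_LOG_LINES):
        print(line)
```

The collision check is the part worth keeping if you adapt this: any de-dotting scheme maps several possible names onto one, and Elasticsearch will not tell you that two Bro fields were merged. Running the rewrite as a filter between Bro's log output and the indexer also means the index's field names stay stable if Bro's own formatter changes later.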