[Bro] Elasticsearch 2.0 dot problem
robin at icir.org
Tue Nov 17 07:54:14 PST 2015
Mind filing this as a ticket on tracker.bro.org with the patches
On Tue, Nov 17, 2015 at 02:55 +0100, Daniel Guerra wrote:
> Elasticsearch 2.0 doesn’t accept dots in fieldnames. Bro writes fieldnames with dots.
> As a result bro data cannot be written to Elasticsearch 2.0.
> I have made 2 very small patches to bro/src/threading/formatters/JSON.h and
> bro/src/threading/formatters/JSON.cc that solve this problem.
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
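
An added example, not part of the original thread and not the patch mentioned above (which is not shown on this page): a log-pipeline step that renames dotted field names in Bro JSON log lines before they are sent to Elasticsearch 2.0. The underscore separator, the function names and the sample record are assumptions made for illustration.

```python
import json

# Constructed sample: one conn.log record with the dotted "id.*" field
# names that Bro's JSON writer produces. Values are made up.
SAMPLE = (
    '{"ts":1447775654.0,"uid":"CXWv6p3arKYeMETxOg",'
    '"id.orig_h":"192.0.2.10","id.orig_p":49152,'
    '"id.resp_h":"198.51.100.7","id.resp_p":443,"proto":"tcp"}'
)


def undot(value, sep="_"):
    """Return a copy of a decoded JSON value in which every '.' in an
    object key is replaced by sep. Values (IP addresses, floats) are left
    untouched. Raises ValueError when two keys collapse to the same name,
    so a record is rejected instead of silently losing a field."""
    if isinstance(value, list):
        return [undot(v, sep) for v in value]
    if not isinstance(value, dict):
        return value
    out = {}
    for key, v in value.items():
        new_key = key.replace(".", sep)
        if new_key in out:
            raise ValueError(f"field name collision on {new_key!r}")
        out[new_key] = undot(v, sep)
    return out


def rewrite_line(line, sep="_"):
    """Rewrite one JSON log line so that no field name contains a dot."""
    return json.dumps(undot(json.loads(line), sep), separators=(",", ":"))


if __name__ == "__main__":
    print(rewrite_line(SAMPLE))
```

Renaming fields changes what dashboards, saved searches and detection queries must reference, so the same mapping has to be applied to every query that used the dotted names.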