[Bro] Elasticsearch 2.0 dot problem
daniel.guerra69 at gmail.com
Tue Nov 17 11:39:03 PST 2015
Do I have access to that?
> On 17 Nov 2015, at 16:54, Robin Sommer <robin at icir.org> wrote:
> Mind filing this as a ticket on tracker.bro.org with the patches
> attached? Thanks,
> On Tue, Nov 17, 2015 at 02:55 +0100, Daniel Guerra wrote:
>> Elasticsearch 2.0 doesn’t accept dots in fieldnames. Bro writes fieldnames with dots.
>> As a result, bro data cannot be written to Elasticsearch 2.0.
>> I have made 2 very small patches to bro/src/threading/formatters/JSON.h and
>> bro/src/threading/formatters/JSON.cc that solve this problem.
> Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin