[Bro] host field
daniel.guerra69 at gmail.com
Wed Oct 5 23:47:00 PDT 2016
It works perfectly! I have the git version running with
elastic 2.4 (2.5 gave some trouble again) without
my nasty JSON.cc patch.
> On 05 Oct 2016, at 04:46, Seth Hall <seth at icir.org> wrote:
>> On Oct 4, 2016, at 12:32 PM, Michael Shirk <shirkdog.bsd at gmail.com> wrote:
>> Seth, in 2.5 is this the way to make elastic happy, so you can rename 'id.orig_h' natively to whatever you want in Bro (minus the dots)?
> The way to make elasticsearch happy is probably this...
> redef Log::default_scope_sep = "_";
> It changes all of the periods in field names to anything you want (underscore in this case).
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> Bro mailing list
> bro at bro-ids.org