[Bro] Bro dot problem

Tim Desrochers tgdesrochers at gmail.com
Wed Dec 23 13:36:17 PST 2015


In logstash/elasticsearch there is a de_dot filter that works quite well.
It has its bugs but it will get the work done.

See link:
https://www.elastic.co/guide/en/logstash/current/plugins-filters-de_dot.html
On Dec 23, 2015 4:24 PM, "Vito Logrillo" <vitologrillo at gmail.com> wrote:

> Hi all,
> as you know, Elasticsearch is unable to manage fields with a dot
> separator.
> Until now I've used the Bro JSON output: the output logs were sent to
> Elasticsearch through Logstash; from Elasticsearch 2.0 this is not
> possible.
> Is there a way to substitute a dot with another character?
> Thanks,
> Vito
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
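As an added illustration (not code from this thread, and not the Logstash de_dot plugin itself), the script below does the same kind of key rewriting in plain Python on one line of Bro JSON output, for anyone who wants to de-dot records before they reach Logstash or Elasticsearch. The two modes are named after the plugin's separator and nested options, but the implementation here is my own; check the linked plugin documentation for its exact semantics. The conn.log record is constructed for the example (the uid and addresses are made up), and the collision check (refusing to let "id" and "id.orig_h" silently overwrite each other) is a design choice of this example, not a claim about the plugin.

```python
import json


def _put(node, new_key, value, original_key):
    """Assign value under new_key, refusing to overwrite an existing field.

    Silently dropping a field from a log record is worse than failing loudly,
    so a collision raises instead of clobbering.
    """
    if new_key in node:
        raise ValueError(
            "renamed key %r collides with existing field %r" % (original_key, new_key)
        )
    node[new_key] = value


def de_dot(obj, separator="_", nested=False):
    """Return a copy of obj with no dots left in any dict key.

    nested=False: "id.orig_h" -> "id_orig_h" (dots replaced by separator).
    nested=True:  "id.orig_h" -> {"id": {"orig_h": ...}} (dots become nesting).
    Recurses into nested dicts and lists.
    """
    if isinstance(obj, list):
        return [de_dot(item, separator, nested) for item in obj]
    if not isinstance(obj, dict):
        return obj

    out = {}
    for key, value in obj.items():
        value = de_dot(value, separator, nested)
        if nested and "." in key:
            parts = key.split(".")
            if any(part == "" for part in parts):
                raise ValueError("key %r has an empty path component" % key)
            node = out
            for part in parts[:-1]:
                child = node.setdefault(part, {})
                if not isinstance(child, dict):
                    raise ValueError(
                        "key %r collides with scalar field %r" % (key, part)
                    )
                node = child
            _put(node, parts[-1], value, key)
        else:
            _put(out, key.replace(".", separator), value, key)
    return out


def de_dot_line(line, separator="_", nested=False):
    """Rewrite one line of Bro JSON output (one JSON object per line)."""
    return de_dot(json.loads(line), separator, nested)


def has_dotted_keys(obj):
    """True if any dict key anywhere inside obj still contains a dot."""
    if isinstance(obj, dict):
        return any("." in k or has_dotted_keys(v) for k, v in obj.items())
    if isinstance(obj, list):
        return any(has_dotted_keys(v) for v in obj)
    return False


# Constructed sample resembling one line of Bro's JSON conn.log; the uid
# and addresses are made up for this example.
SAMPLE_CONN_LINE = json.dumps({
    "ts": 1450913777.123456,
    "uid": "CHhAvVGS1DHFjwGM9",
    "id.orig_h": "10.0.0.5",
    "id.orig_p": 51234,
    "id.resp_h": "93.184.216.34",
    "id.resp_p": 443,
    "proto": "tcp",
    "conn_state": "SF",
})


if __name__ == "__main__":
    # Flat form (id.orig_h -> id_orig_h) and nested form (id -> {orig_h: ...}).
    print(json.dumps(de_dot_line(SAMPLE_CONN_LINE)))
    print(json.dumps(de_dot_line(SAMPLE_CONN_LINE, nested=True)))
```

Pipe each Bro JSON line through de_dot_line before shipping it; the flat form keeps the field names greppable, while the nested form gives Elasticsearch an "id" object whose sub-fields can be queried as id.orig_h in its own query syntax.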