[Bro] Elasticsearch 2.0 dot problem

Daniel Guerra daniel.guerra69 at gmail.com
Mon Nov 16 17:55:28 PST 2015


Elasticsearch 2.0 doesn't accept dots in field names. Bro writes field names with dots.
As a result, Bro data cannot be written to Elasticsearch 2.0.
I have made 2 very small patches to bro/src/threading/formatters/JSON.h and
bro/src/threading/formatters/JSON.cc that solve this problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: JSON.cc.patch
Type: application/octet-stream
Size: 120 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20151117/9e225306/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: JSON.h.patch
Type: application/octet-stream
Size: 31 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20151117/9e225306/attachment-0001.obj 
-------------- next part --------------


Regards,

Daniel
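
The incompatibility described above (dotted Bro field names such as id.orig_h being rejected by Elasticsearch 2.0), as an added example that is not the poster's patch and not Bro's own code: a small Python filter that rewrites the keys of a Bro JSON log line before indexing, either by flattening dots to underscores or by nesting them into sub-objects, and that refuses to silently merge two fields that would collide after the rewrite. The sample log line is constructed for the example.

```python
import json

# Constructed sample in the shape of Bro's JSON conn.log output
# (made-up uid and addresses, not captured traffic).
SAMPLE_LINE = ('{"ts":1447718128.123,"uid":"CExample1","id.orig_h":"10.0.0.5",'
               '"id.orig_p":51234,"id.resp_h":"192.0.2.10","id.resp_p":443,'
               '"proto":"tcp","conn_state":"SF"}')


def has_dotted_keys(record):
    """True if any top-level key contains a dot (rejected by Elasticsearch 2.0)."""
    return any("." in key for key in record)


def flatten_keys(record, sep="_"):
    """Replace dots in key names with `sep`, e.g. id.orig_h -> id_orig_h."""
    out = {}
    for key, value in record.items():
        new_key = key.replace(".", sep)
        if new_key in out:
            # Two source fields map to the same name; do not drop one silently.
            raise ValueError(f"field name collision after rewrite: {new_key!r}")
        out[new_key] = value
    return out


def nest_keys(record):
    """Turn dotted keys into nested objects: id.orig_h -> {"id": {"orig_h": ...}}."""
    out = {}
    for key, value in record.items():
        parts = key.split(".")
        node = out
        for part in parts[:-1]:
            node = node.setdefault(part, {})
            if not isinstance(node, dict):
                raise ValueError(f"cannot nest {key!r}: {part!r} already holds a scalar")
        if parts[-1] in node:
            raise ValueError(f"field name collision while nesting: {key!r}")
        node[parts[-1]] = value
    return out


def rewrite_record(line, mode="flatten"):
    """Parse one JSON log line and return its record with Elasticsearch-safe keys."""
    record = json.loads(line)
    return flatten_keys(record) if mode == "flatten" else nest_keys(record)


def rewrite_line(line, mode="flatten"):
    """Same as rewrite_record, but returns a compact JSON line ready for bulk indexing."""
    return json.dumps(rewrite_record(line, mode), separators=(",", ":"))
```

Run each Bro JSON log line through rewrite_line before shipping it to Elasticsearch; pick "nest" if the index mapping should group the id.* fields under one object.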

