[Bro] Elasticsearch 2.0 dot problem

Daniel Guerra daniel.guerra69 at gmail.com
Tue Nov 17 11:39:03 PST 2015


Do I have access to that ?

> On 17 Nov 2015, at 16:54, Robin Sommer <robin at icir.org> wrote:
> 
> Mind filing this as a ticket on tracker.bro.org with the patches
> attached? Thanks,
> 
> Robin
> 
> On Tue, Nov 17, 2015 at 02:55 +0100, Daniel Guerra wrote:
> 
>> Elasticsearch 2.0 doesn't accept dots in fieldnames. Bro writes fieldnames with dots.
>> As a result Bro data cannot be written to Elasticsearch 2.0.
>> I have made 2 very small patches to bro/src/threading/formatters/JSON.h and
>> bro/src/threading/formatters/JSON.cc that solve this problem.
>> 
>> 
>> Regards,
>> 
>> Daniel
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 
> 
> 
> -- 
> Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
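The patches Daniel mentions are not attached to this message, so the following is an added example and not his patch or any Bro code. It shows the mismatch the thread is about in data terms: Bro's JSON formatter emits conn.log records with dotted field names such as `id.orig_h`, and Elasticsearch 2.0 refuses documents whose keys contain a dot. The two rewrites shown (replacing dots with an underscore, or nesting `id.orig_h` into `{"id": {"orig_h": ...}}`) are the two usual ways to make such a record indexable before it reaches Elasticsearch; which one, if either, the posted patches implement is an assumption, and the sample record is constructed for the example.

```python
import json

# Constructed sample of one line of Bro conn.log as the JSON formatter writes
# it (one object per line). The "id.*" keys are the ones Elasticsearch 2.0
# rejects; values are made up for this example.
SAMPLE_LINE = (
    '{"ts":1447747200.0,"uid":"CHhAvVGS1DHFjwGM9",'
    '"id.orig_h":"10.0.0.5","id.orig_p":49152,'
    '"id.resp_h":"93.184.216.34","id.resp_p":80,'
    '"proto":"tcp","service":"http","conn_state":"SF"}'
)


def load_bro_record(line):
    """Parse one JSON-per-line Bro log record into a dict."""
    return json.loads(line)


def find_dotted_keys(record):
    """Top-level keys that Elasticsearch 2.0 would reject (contain a '.')."""
    return [k for k in record if "." in k]


def flatten_dotted_keys(record, sep="_"):
    """Rewrite 'id.orig_h' -> 'id_orig_h'.

    Raises ValueError instead of silently overwriting when two original
    keys map to the same name (e.g. 'a.b' and 'a_b' both present).
    """
    out = {}
    for key, value in record.items():
        new_key = key.replace(".", sep)
        if new_key in out:
            raise ValueError(f"key collision after de-dotting: {key!r} -> {new_key!r}")
        out[new_key] = value
    return out


def nest_dotted_keys(record):
    """Rewrite 'id.orig_h' -> {'id': {'orig_h': ...}}.

    This keeps the dotted path addressable in Elasticsearch as an object
    field. Raises ValueError when a prefix is already taken by a scalar
    (e.g. both 'id' and 'id.orig_h' present), since one must win otherwise.
    """
    out = {}
    for key, value in record.items():
        parts = key.split(".")
        cur = out
        for part in parts[:-1]:
            child = cur.setdefault(part, {})
            if not isinstance(child, dict):
                raise ValueError(f"prefix {part!r} of {key!r} is not an object")
            cur = child
        leaf = parts[-1]
        if leaf in cur:
            raise ValueError(f"duplicate leaf {leaf!r} for key {key!r}")
        cur[leaf] = value
    return out


def dedot_line(line, mode="flatten"):
    """Transform one Bro JSON log line so it can be indexed by Elasticsearch 2.0."""
    record = load_bro_record(line)
    if mode == "flatten":
        record = flatten_dotted_keys(record)
    elif mode == "nest":
        record = nest_dotted_keys(record)
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return json.dumps(record, separators=(",", ":"))


if __name__ == "__main__":
    print("dotted keys:", find_dotted_keys(load_bro_record(SAMPLE_LINE)))
    print(dedot_line(SAMPLE_LINE, "flatten"))
    print(dedot_line(SAMPLE_LINE, "nest"))
```

Flattening is the drop-in choice when downstream dashboards already reference names such as `id_orig_h`; nesting preserves the grouping Bro intended but changes every query path, so pick one per index and keep it consistent, and let the collision checks fail loudly rather than lose a field.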