[Bro] host field
Daniel Guerra
daniel.guerra69 at gmail.com
Wed Oct 5 23:47:00 PDT 2016
Hi Seth,
It works perfectly! I have the git version running with
elastic 2.4 (2.5 gave some trouble again) without
my nasty JSON.cc patch.
Regards,
Daniel
> On 05 Oct 2016, at 04:46, Seth Hall <seth at icir.org> wrote:
>
>
>> On Oct 4, 2016, at 12:32 PM, Michael Shirk <shirkdog.bsd at gmail.com> wrote:
>>
>> Seth, in 2.5 is this the way to make elastic happy, so you can rename 'id.orig_h' natively to whatever you want in Bro (minus the dots)?
>
> The way to make elasticsearch happy is probably this...
> redef Log::default_scope_sep = "_";
>
> It changes all of the periods in field names to anything you want (underscore in this case).
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro