[Bro] rename field on a per analyzer basis

[erik clark]

How can I rename a field based on the analyzer? For example:

smtp.log:path          -> smtp.log->smtp_path
smb_files.log:path   -> smb_files.log:smb_path

Currently I am using default map, but this does it for all analyzers:

redef Log::default_field_name_map = {        ["path"]      = "smb_path",
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180816/0cdb4ed9/attachment.html