[Zeek] Field renaming
Vlad Grigorescu
vlad at es.net
Wed Jun 12 08:54:02 PDT 2019
Are you using JSON logs? I think JSON logs use an underscore because the
dot notation conflicts with a JSON object.
On Wed, Jun 12, 2019 at 1:05 PM Justin Azoff <justin at corelight.com> wrote:
> On Wed, Jun 12, 2019 at 2:30 AM David Decker <x.faith at gmail.com> wrote:
> >
> > Zeek
> >
> > Sorry cant find this, but when did id_resp_h become id.resp_h?
> > And well for the rest (renamed _ to . )
> > Looked through changelog.
>
> It has always been id.resp_h, you must have had this in your
> configuration at one point:
>
> redef Log::default_scope_sep = "_";
>
>
> --
> Justin
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190612/89bba0b3/attachment.html
More information about the Zeek
mailing list