[Zeek] zeek ts conversion

venkatesh bandari austin522 at gmail.com
Fri Nov 1 04:17:35 PDT 2019


Thank you Seth

On Thu, 31 Oct 2019 at 8:08 PM, Seth Hall <seth at corelight.com> wrote:

> In local.bro, add the following line...
>
> redef LogAscii::json_timestamps = JSON::TS_ISO8601;
>
> That should make your log have timestamps in ISO8601 time format which
> most systems natively recognize and understand.
>
> .Seth
>
> On 29 Oct 2019, at 23:31, venkatesh bandari wrote:
>
> Hello team,
>
> We are doing a Zeek PoC. I am doing the integration with Splunk. In the Splunk
> logs I see the ts value, which is not in a human-readable format.
> zeek-cut/bro-cut on the box can be used to convert ts to a human-readable
> format using -d.
>
> The question is how can I do this before sending the JSON logs to Splunk.
> Is there a way?
>
> Thanks
> Venkatesh
>
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>
> --
> Seth Hall * Corelight, Inc * www.corelight.com
>
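What the redef quoted above makes Zeek do at write time, shown as a post-processor for logs that were already written with the default epoch timestamps (for example if a forwarder picks up files from older sensors). This is an added example for this thread, not Zeek's own code. It assumes that `ts` is the only field to convert: Zeek itself converts every field of type `time` because it knows the log schema, while a post-processor has to be told which keys hold times, so `time_fields` is a parameter. The sample log lines and their uids are constructed, not captured data. One caveat on the original advice: in Zeek 3.0 and later the site file is `local.zeek` rather than `local.bro`.

```python
"""Convert Zeek JSON log timestamps from epoch floats to ISO 8601 UTC.

Added example for this thread, not Zeek's own code. It reproduces, for
logs already written with epoch timestamps, the output format that
`redef LogAscii::json_timestamps = JSON::TS_ISO8601;` makes Zeek emit
itself (microsecond precision, trailing 'Z'). Sample lines are constructed.
"""
import json
from datetime import datetime, timezone

# Zeek knows which fields have type `time`; a post-processor does not, so the
# caller names them. `ts` is the timestamp field present in every Zeek log.
DEFAULT_TIME_FIELDS = frozenset({"ts"})


def epoch_to_iso8601(ts: float) -> str:
    """Format a Unix epoch value the way Zeek's TS_ISO8601 does."""
    dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def convert_record(record: dict, time_fields=DEFAULT_TIME_FIELDS) -> dict:
    """Return a copy of one decoded log record with its time fields converted.

    Only numeric values are touched, so a record whose ts is already a
    string passes through unchanged and re-running the converter is safe.
    """
    out = dict(record)
    for key in time_fields:
        value = out.get(key)
        if isinstance(value, (int, float)) and not isinstance(value, bool):
            out[key] = epoch_to_iso8601(value)
    return out


def convert_lines(lines, time_fields=DEFAULT_TIME_FIELDS):
    """Convert an iterable of JSON log lines, yielding JSON lines.

    Lines that are not valid JSON objects are yielded unchanged rather than
    dropped, so a malformed line neither stalls the pipeline nor silently
    disappears from the SIEM.
    """
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            yield line
            continue
        if not isinstance(record, dict):
            yield line
            continue
        yield json.dumps(convert_record(record, time_fields),
                         separators=(",", ":"))


# Constructed sample: two conn.log-style lines (one with fractional seconds,
# one without) and one malformed line that must survive untouched.
SAMPLE_LINES = [
    '{"ts":1572392465.123456,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"10.0.0.5",'
    '"id.orig_p":51234,"id.resp_h":"10.0.0.9","id.resp_p":443,"proto":"tcp"}',
    '{"ts":1572392466,"uid":"C4J4Th3PJpwUYZZ6gc","id.orig_h":"10.0.0.5",'
    '"id.orig_p":51235,"id.resp_h":"10.0.0.9","id.resp_p":53,"proto":"udp"}',
    'not json at all',
]

if __name__ == "__main__":
    for out in convert_lines(SAMPLE_LINES):
        print(out)
```

Running it turns `"ts":1572392465.123456` into `"ts":"2019-10-29T23:41:05.123456Z"`, which is the same shape you should see in a fresh conn.log after the redef is deployed and Zeek is restarted; that is the quickest check that the option took effect. If you would rather keep epoch values on the wire, Splunk can also parse them directly by setting `TIME_FORMAT = %s` for the sourcetype in props.conf, so the conversion is a choice of where the work happens, not a requirement.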

