[Zeek] zeek ts conversion
Seth Hall
seth at corelight.com
Thu Oct 31 05:08:40 PDT 2019
In local.bro, add the following line...
```bro
redef LogAscii::json_timestamps = JSON::TS_ISO8601;
```
That should make your log have timestamps in ISO8601 time format which
most systems natively recognize and understand.
.Seth
On 29 Oct 2019, at 23:31, venkatesh bandari wrote:
> Hello team,
>
> we are doing a zeek poc.iam doing the integration with splunk.in the
> spunk
> logs i see the ts value which is not in human readable
> format.zeek-cut/bro-cut on the box can be used to convert ts to human
> readable format using -d
>
> the question is how can i do this before sending the json logs to
> splunk.is
> there a way
>
> Thanks
> Venkatesh
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
--
Seth Hall * Corelight, Inc * www.corelight.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20191031/499c4e61/attachment.html
More information about the Zeek
mailing list