Elasticsearch 2.0 dot problem

Daniel_Guerra · November 17, 2015, 1:55am

Elasticsearch 2.0 doesn’t accept dots in fieldnames. Bro writes fieldnames with dots.
As a result bro data can not be written to Elasticsearch 2.0.
I have made 2 very small patches to bro/src/threading/formatters/JSON.h and
bro/src/threading/formatters/JSON.cc that solves this problem.

JSON.cc.patch (120 Bytes)

JSON.h.patch (31 Bytes)

robin · November 17, 2015, 3:54pm

Mind filing this as a ticket on tracker.bro.org with the pathces
attached? Thanks,

Robin

Daniel_Guerra · November 17, 2015, 7:39pm

Do I have access to that ?

Topic		Replies	Views
Bro Elasticsearch 2+ Zeek	4	78	May 6, 2022
Version: 2.0-907 -- Bro manager memory exhaustion Development development	2	65	May 6, 2022
Version: 2.0-907 -- Bro manager memory exhaustion Development development	4	54	May 6, 2022
Bro 2.0 Beta is out! Zeek	8	69	May 6, 2022
- recommended DB for Bro logs Zeek	11	77	May 6, 2022

Elasticsearch 2.0 dot problem

Related Topics