Field renaming

Zeek

Sorry, can't find this, but when did id_resp_h become id.resp_h?
And well for the rest (renamed _ to . )
Looked through changelog.

Thanks
David

It has always been id.resp_h; you must have had this in your
configuration at one point:

    redef Log::default_scope_sep = "_";

Are you using JSON logs? I think JSON logs use an underscore because the dot notation conflicts with a JSON object.

I don’t think that’s the case? I use json and have the dot notation too. At least, that’s what I get with my Corelight, Security Onion, and RockNSM installations. I don’t think they are changing anything?

Sincerely,

Richard

We had an older ta which had the id_resp; that’s why I was wondering if it changed, because all I see anymore is the id.resp
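An added example, not part of the thread or of Zeek itself: a small Python normalizer for JSON logs that may have been written with either the default dot separator or `Log::default_scope_sep = "_"`, so one set of detections or dashboards can match both. The function names and sample lines are constructed for illustration, and only the `id` record is covered as an assumption; a blind replace of `_` with `.` would corrupt fields such as `conn_state`.

```python
import json

# Assumption: only the conn_id record ("id") is handled here; extend this map
# with any other nested records that appear in your logs.
SCOPED_RECORDS = {"id": ("orig_h", "orig_p", "resp_h", "resp_p")}


def canonical_name(field, sep="_"):
    """Return the dotted name for a flattened record field, else the input."""
    for record, members in SCOPED_RECORDS.items():
        prefix = record + sep
        if field.startswith(prefix) and field[len(prefix):] in members:
            return record + "." + field[len(prefix):]
    return field  # e.g. conn_state, orig_bytes: the underscore is part of the name


def normalize(line, sep="_"):
    """Parse one JSON log line and rewrite scoped field names to dot form."""
    out = {}
    for key, value in json.loads(line).items():
        name = canonical_name(key, sep)
        if name in out and out[name] != value:
            raise ValueError(f"conflicting values for {name}")
        out[name] = value
    return out


# Constructed sample lines (documentation IP ranges), not real log output.
DOT_LINE = (
    '{"uid": "CEXAMPLE1", "id.orig_h": "192.0.2.10", "id.orig_p": 49152, '
    '"id.resp_h": "198.51.100.7", "id.resp_p": 443, '
    '"conn_state": "SF", "orig_bytes": 512}'
)
UNDERSCORE_LINE = (
    '{"uid": "CEXAMPLE1", "id_orig_h": "192.0.2.10", "id_orig_p": 49152, '
    '"id_resp_h": "198.51.100.7", "id_resp_p": 443, '
    '"conn_state": "SF", "orig_bytes": 512}'
)

if __name__ == "__main__":
    for line in (DOT_LINE, UNDERSCORE_LINE):
        print(normalize(line)["id.resp_h"])
```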