Just curious what version of Zeek is going to have the ECS mapping?
Thank you,
Hi Don,
Assuming you’re using Filebeat’s Zeek module, it looks like ECS mapping is supported as of Zeek 2.6.1 (https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-zeek.html). This GitHub PR (https://github.com/elastic/beats/pull/17738) references an update to the Zeek module to support ECS 1.5 (latest).
I have Zeek 3.1.4 sending logs to Elasticsearch 7.8 and can confirm that fields appear to be mapped properly.
Hope that helps!
Eric
ericooi.com
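One way to check for yourself that "fields appear to be mapped properly", as an added example that is not part of the thread above and not Filebeat's own code: take a Zeek conn.log record in JSON format, map it onto the ECS field names the Filebeat Zeek module is documented to emit for conn events, and verify that the required ECS fields are present. The Zeek-to-ECS field pairs (`id.orig_h` to `source.ip`, `uid` to `zeek.session_id`, dataset `zeek.connection`, and so on) are assumptions drawn from the module documentation; confirm them against the Filebeat version you run, and point `missing_ecs_fields` at documents pulled back from Elasticsearch to audit real data.

```python
"""Added example (not from the forum thread or Filebeat): map a Zeek conn.log
JSON record to the ECS field names Filebeat's Zeek module is documented to
produce, then check a document for the ECS fields a SIEM query would rely on.
Field pairs below are assumptions to verify against your Filebeat version."""
import json
from datetime import datetime, timezone

# Constructed sample: one Zeek conn.log line written in Zeek's JSON format.
SAMPLE_CONN_LINE = json.dumps({
    "ts": 1596240000.123456,
    "uid": "CExampleUid0001",
    "id.orig_h": "192.0.2.10",
    "id.orig_p": 51234,
    "id.resp_h": "198.51.100.20",
    "id.resp_p": 443,
    "proto": "tcp",
    "service": "ssl",
    "conn_state": "SF",
    "orig_bytes": 1024,
    "resp_bytes": 4096,
})

# Zeek conn field -> dotted ECS field. Assumed mapping, modelled on the
# Filebeat zeek module's documented conn fields.
CONN_TO_ECS = {
    "id.orig_h": "source.ip",
    "id.orig_p": "source.port",
    "id.resp_h": "destination.ip",
    "id.resp_p": "destination.port",
    "proto": "network.transport",
    "service": "network.protocol",
    "orig_bytes": "source.bytes",
    "resp_bytes": "destination.bytes",
    "uid": "zeek.session_id",
    "conn_state": "zeek.connection.state",
}

# ECS fields a detection rule on conn events would expect to be populated.
REQUIRED_ECS_FIELDS = (
    "@timestamp", "event.dataset", "source.ip",
    "destination.ip", "destination.port", "network.transport",
)


def set_dotted(doc, dotted_key, value):
    """Store value at a nested path such as source.ip -> doc["source"]["ip"]."""
    parts = dotted_key.split(".")
    cur = doc
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value


def get_dotted(doc, dotted_key):
    """Read a nested path; return None when any level is missing."""
    cur = doc
    for part in dotted_key.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def zeek_conn_to_ecs(line):
    """Convert one Zeek conn.log JSON line into an ECS-shaped document."""
    rec = json.loads(line)
    # event.dataset value assumed to match the Filebeat zeek module's conn fileset.
    doc = {"event": {"dataset": "zeek.connection", "module": "zeek"}}
    # Zeek's ts is epoch seconds with fractional part; ECS wants an ISO timestamp.
    ts = datetime.fromtimestamp(rec["ts"], tz=timezone.utc)
    doc["@timestamp"] = ts.isoformat()
    for zeek_field, ecs_field in CONN_TO_ECS.items():
        if zeek_field in rec:
            set_dotted(doc, ecs_field, rec[zeek_field])
    return doc


def missing_ecs_fields(doc):
    """List required ECS fields absent from a document (empty list == mapped OK)."""
    return [f for f in REQUIRED_ECS_FIELDS if get_dotted(doc, f) is None]


if __name__ == "__main__":
    ecs_doc = zeek_conn_to_ecs(SAMPLE_CONN_LINE)
    print(json.dumps(ecs_doc, indent=2))
    print("missing:", missing_ecs_fields(ecs_doc))
```

Run the same `missing_ecs_fields` check over documents fetched from your `filebeat-*` index after an upgrade; any non-empty result points at a field the pipeline did not rename, which is the first thing to compare against the module version mentioned in the PR.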