securityonion-elastic: update parsers for Zeek 3 #1680
As we migrate to Zeek 3, some log formats have changed, so we need to update our parsers accordingly:
This also means that we need to add the following fields to the template:
Reference the Zeek 3.0.0 section here:
We need to make sure all 3 parsing pipelines are updated and tested:
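The issue above is about parsers and an index template that have to track a changed log format. The block below is an added illustration, not code from securityonion-elastic or from Zeek: a header-driven parser for Zeek's TSV log format that takes the field list from the `#fields`/`#types` header instead of hard-coding column positions, plus a check that reports which fields in a log are absent from a template. The sample log is constructed for this example (a subset of standard conn.log fields), the field `example_new_field` is made up to stand in for whatever a release adds, and `EXAMPLE_TEMPLATE_FIELDS` is an assumed template, not the project's own.

```python
"""Header-driven parser for Zeek TSV logs (added example, not project code).

The sample log below is constructed for this illustration. `example_new_field`
is a made-up placeholder for a field a new Zeek release might add; it is not
a real Zeek field.
"""

# Constructed sample: Zeek writes "#separator \x09" literally (backslash, x, 0, 9),
# then uses the separator itself in every later header line.
SAMPLE_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#open\t2019-10-01-00-00-00\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\ttunnel_parents\texample_new_field\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tset[string]\tstring\n"
    "1569888000.123456\tCABC123\t10.0.0.5\t51234\t10.0.0.1\t53\tudp\tCXYZ1,CXYZ2\tfoo\n"
    "1569888001.000000\tCDEF456\t10.0.0.6\t443\t-\t-\ttcp\t(empty)\t-\n"
    "#close\t2019-10-01-00-05-00\n"
)

# Assumed template field set for the check below (hypothetical, not the project's).
EXAMPLE_TEMPLATE_FIELDS = {
    "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
    "proto", "tunnel_parents",
}


def _convert(value, typ, set_sep):
    """Convert one column according to its Zeek type name."""
    if typ.startswith("set[") or typ.startswith("vector["):
        inner = typ[typ.index("[") + 1:-1]
        return [_convert(v, inner, set_sep) for v in value.split(set_sep)]
    if typ in ("time", "interval", "double"):
        return float(value)
    if typ in ("count", "int", "port"):
        return int(value)
    if typ == "bool":
        return value == "T"
    return value  # string, addr, enum, subnet: keep as text


def parse_zeek_tsv(text):
    """Parse a Zeek TSV log into {'path', 'fields', 'types', 'records'}.

    Column names and types come from the header, so an added or reordered
    field in a new Zeek release changes the record keys rather than silently
    shifting values into the wrong column.
    """
    sep, set_sep, empty, unset = "\t", ",", "(empty)", "-"
    out = {"path": None, "fields": None, "types": None, "records": []}
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                sep = bytes(line[len("#separator "):], "ascii").decode("unicode_escape")
                continue
            key, *vals = line[1:].split(sep)
            if key == "set_separator":
                set_sep = vals[0]
            elif key == "empty_field":
                empty = vals[0]
            elif key == "unset_field":
                unset = vals[0]
            elif key == "path":
                out["path"] = vals[0]
            elif key == "fields":
                out["fields"] = vals
            elif key == "types":
                out["types"] = vals
            continue  # #open/#close and anything else are ignored
        if out["fields"] is None:
            raise ValueError("data row before #fields header")
        cols = line.split(sep)
        if len(cols) != len(out["fields"]):
            raise ValueError("row has %d columns, header has %d" % (len(cols), len(out["fields"])))
        types = out["types"] or ["string"] * len(out["fields"])
        rec = {}
        for name, typ, val in zip(out["fields"], types, cols):
            if val == unset:
                rec[name] = None
            elif val == empty:
                rec[name] = [] if typ.startswith(("set[", "vector[")) else ""
            else:
                rec[name] = _convert(val, typ, set_sep)
        out["records"].append(rec)
    return out


def fields_missing_from_template(log_fields, template_fields):
    """Fields the log carries that the index template does not know about."""
    return sorted(f for f in log_fields if f not in template_fields)


if __name__ == "__main__":
    parsed = parse_zeek_tsv(SAMPLE_LOG)
    print(parsed["path"], parsed["records"][0])
    print("missing from template:",
          fields_missing_from_template(parsed["fields"], EXAMPLE_TEMPLATE_FIELDS))
```

Running the header-driven parser over a sample from each log type that changed, then diffing `parsed["fields"]` against the template, is one way to build the list of fields a template update needs before touching the pipelines.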
Perhaps you're looking at an existing index that was created with the old template and the next day's index will be created with the new template?