Move Zeek docs to Integrations area

CHANGELOG.md

@@ -248,7 +248,7 @@ questions.
 * Add an `unflatten()` function that turns fields with dot-separated names into fields of nested records (#2277)
 * Fix an issue where querying an index in a Zed lake did not return all matched records (#2273)
 * Accept type definition names and aliases in shaper functions (#2289)
-* Add a reference [shaper for Zeek data](zeek/Shaping-Zeek-NDJSON.md) (#2300, #2368, #2448, #2489, #2601)
+* Add a reference [shaper for Zeek data](docs/integrations/zeek/shaping-zeek-ndjson.md) (#2300, #2368, #2448, #2489, #2601)
 * Fix an issue where accessing a `null` array element in a `by` grouping caused a panic (#2310)
 * Add support for parsing timestamps with offset format `±[hh][mm]` (#2297)
 * Remove cropping from `shape()` (#2309)
@@ -326,7 +326,7 @@ questions.
 * Fix an issue where `len()` of a `null` array was evaluating to something greater than zero (#2761)
 * Fix an issue where `sort` with no fields was ignoring alias types and nested fields when picking a sort field (#2762)
 * Fix an issue where unexpected `cut: no record found` warnings were returned by `zed lake query` but not when the same data was queried via `zq` (#2764)
-* Move and extend the [Zeek interoperability docs](zeek/README.md) (#2770, #2782, #2830)
+* Move and extend the [Zeek interoperability docs](docs/integrations/zeek/README.md) (#2770, #2782, #2830)
 * Create endpoints in the Zed lake service API that correspond to underlying Zed lake operations, and expose them via `zapi` commands (#2741, #2774, #2786, #2775, #2794, #2795, #2796, #2920, #2925, #2928)
 * Fix an issue where `zq` would surface a syntax error when reading ZSON it had sent as output (#2792)
 * Add an `/events` endpoint to the API, which can be used by clients such as the Brim app to be notified of pool updates (#2791)
@@ -365,7 +365,7 @@ questions.
 * Fix an issue where temporary spill-to-disk directories were not being deleted upon exit (#3009, #3010)
 * Fix a ZSON issue with `union` types with alias decorators (#3015, #3016)
 * The ZSON format has been changed such that integer type IDs are no longer output (#3017)
-* Update the reference Zed shaper for Zeek ([shaper](zeek/shaper.zed), [docs](zeek/Shaping-Zeek-NDJSON.md)) to reflect changes in Zeek release v4.1.0 (#3021)
+* Update the reference Zed shaper for Zeek ([docs](docs/integrations/zeek/shaping-zeek-ndjson.md)) to reflect changes in Zeek release v4.1.0 (#3021)
 * Fix an issue where backslash escapes in Zed regular expressions were not accepted (#3040)
 * The ZST format has been updated to work for typedef'd outer records (#3047)
 * Fix an issue where an empty string could not be output as a JSON field name (#3054)
@@ -416,7 +416,7 @@ questions.
 
 * zqd: Update Zeek pointer to [v3.2.1-brim9](https://github.com/brimdata/zeek/releases/tag/v3.2.1-brim9) which provides the latest [geolocation](https://github.com/brimdata/brim/wiki/Geolocation) data (#2010)
 * zqd: Update Suricata pointer to [v5.0.3-brim1](https://github.com/brimdata/build-suricata/releases/tag/v5.0.3-brim1) which disables checksum checks, allowing for alert creation on more types of pcaps (#1975)
-* ZSON: Update [Zeek Interoperability doc](zeek/Data-Type-Compatibility.md) to include current ZSON syntax (#1956)
+* ZSON: Update [Zeek Interoperability doc](docs/integrations/zeek/data-type-compatibility.md) to include current ZSON syntax (#1956)
 * zq: Ensure the output from the [`fuse`](docs/language/operators/fuse.md) operator is deterministic (#1958)
 * zq: Fix an issue where the presence of the Greek µ character caused a ZSON read parsing error (#1967)
 * zqd: Fix an issue where Zeek events generated during pcap import and written to an archivestore were only visible after ingest completion (#1973)
@@ -500,7 +500,7 @@ questions.
 
 ## v0.23.0
 * zql: Add `week` as a unit for [time grouping with `every`](docs/language/functions/every.md) (#1374)
-* zq: Fix an issue where a `null` value in a [JSON type definition](zeek/README.md) caused a failure without an error message (#1377)
+* zq: Fix an issue where a `null` value in a [JSON type definition](docs/integrations/zeek/README.md) caused a failure without an error message (#1377)
 * zq: Add [`zst` format](docs/formats/vng.md) to `-i` and `-f` command-line help (#1384)
 * zq: ZNG spec and `zq` updates to introduce the beta ZNG storage format (#1375, #1415, #1394, #1457, #1512, #1523, #1529), also addressing the following:
    * New data type `bytes` for storing sequences of bytes encoded as base64 (#1315)
@@ -516,11 +516,11 @@ questions.
 * zqd: Check and convert alpha ZNG filestores to beta ZNG (#1574, #1576)
 * zq: Fix an issue where spill-to-disk file names could collide (#1391)
 * zq: Allow the [`fuse` operator](docs/language/operators/fuse.md) to spill-to-disk to avoid memory limitations (#1355, #1402)
-* zq: No longer require `_path` as a first column in a [JSON type definition](zeek/README.md) (#1370)
+* zq: No longer require `_path` as a first column in a [JSON type definition](docs/integrations/zeek/README.md) (#1370)
 * zql: Improve ZQL docs for [aggregate functions](docs/language/operators/summarize.md) and grouping (#1385)
 * zql: Point links for developer docs at [pkg.go.dev](https://pkg.go.dev/) instead of [godoc.org](https://godoc.org/) (#1401)
 * zq: Add support for timestamps with signed timezone offsets (#1389)
-* zq: Add a [JSON type definition](zeek/README.md) for alert events in [Suricata EVE logs](https://suricata.readthedocs.io/en/suricata-5.0.2/output/eve/eve-json-output.html) (#1400)
+* zq: Add a [JSON type definition](docs/integrations/zeek/README.md) for alert events in [Suricata EVE logs](https://suricata.readthedocs.io/en/suricata-5.0.2/output/eve/eve-json-output.html) (#1400)
 * zq: Update the [ZNG over JSON (ZJSON)](docs/formats/zjson.md) spec and implementation (#1299)
 * zar: Use buffered streaming for archive import (#1397)
 * zq: Add an `ast` command that prints parsed ZQL as its underlying JSON object (#1416)
@@ -652,7 +652,7 @@ questions.
 * zql: Group-by no longer emits records in "deterministic but undefined" order (#914)
 * zqd: Revise constraints on Space names (#853, #926, #944, #945)
 * zqd: Fix an issue where a file replacement race could cause an "access is denied" error in Brim during pcap import (#925)
-* zng: Revise [Zeek compatibility](zeek/Data-Type-Compatibility.md) doc (#919)
+* zng: Revise [Zeek compatibility](docs/integrations/zeek/data-type-compatibility.md) doc (#919)
 * zql: Clarify [`cut` operator documentation](docs/language/operators/cut.md) (#924)
 * zqd: Fix an issue where an invalid 1970 Space start time could be created in Brim during pcap import (#938)
 

zeek/README.md → docs/integrations/zeek/README.md

@@ -5,6 +5,6 @@ with logs from the [Zeek](https://zeek.org/) open source network security
 monitoring tool. Depending on how you use Zeek, one or more of the following
 docs may be of interest to you.
 
-* [Reading Zeek Log Formats](Reading-Zeek-Log-Formats.md)
-* [Zed/Zeek Data Type Compatibility](Data-Type-Compatibility.md)
-* [Shaping Zeek NDJSON](Shaping-Zeek-NDJSON.md)
+* [Reading Zeek Log Formats](reading-zeek-log-formats.md)
+* [Zed/Zeek Data Type Compatibility](data-type-compatibility.md)
+* [Shaping Zeek NDJSON](shaping-zeek-ndjson.md)

docs/integrations/zeek/_category_.yaml

@@ -0,0 +1,2 @@
+position: 3
+label: Zeek

zeek/Data-Type-Compatibility.md → docs/integrations/zeek/data-type-compatibility.md

@@ -1,37 +1,29 @@
-# Zed/Zeek Data Type Compatibility
-
-- [Introduction](#introduction)
-- [Equivalent Types](#equivalent-types)
-- [Example](#example)
-- [Type-Specific Details](#type-specific-details)
-  * [`double`](#double)
-  * [`enum`](#enum)
-  * [`port`](#port)
-  * [`set`](#set)
-  * [`string`](#string)
-  * [`record`](#record)
+---
+sidebar_position: 2
+sidebar_label: Zed/Zeek Data Type Compatibility
+---
 
-## Introduction
+# Zed/Zeek Data Type Compatibility
 
 As the Zed data model was in many ways inspired by the
 [Zeek TSV log format](https://docs.zeek.org/en/master/log-formats.html#zeek-tsv-format-logs),
-the rich Zed storage formats ([ZSON](../docs/formats/zson.md),
-[ZNG](../docs/formats/zng.md), etc.) maintain comprehensive interoperability
+the rich Zed storage formats ([ZSON](../../formats/zson.md),
+[ZNG](../../formats/zng.md), etc.) maintain comprehensive interoperability
 with Zeek. When Zeek is configured to output its logs in
 NDJSON format, much of the rich type information is lost in translation, but
-this can be restored by following the guidance for [shaping Zeek NDJSON](Shaping-Zeek-NDJSON.md).
+this can be restored by following the guidance for [shaping Zeek NDJSON](shaping-zeek-ndjson.md).
 On the other hand, Zeek TSV can be converted to Zed storage formats and back to
 Zeek TSV without any loss of information.
 
 This document describes how the Zed type system is able to represent each of
 the types that may appear in Zeek logs.
 
-Tools like [`zq`](https://github.com/brimdata/zed) and
-[Zui](https://github.com/brimdata/zui) maintain an internal Zed-typed
+Tools like [`zq`](../../commands/zq.md) and
+[Zui](https://zui.brimdata.io/) maintain an internal Zed-typed
 representation of any Zeek data that is read or imported. Therefore, knowing
 the equivalent types will prove useful when performing operations in the
-[Zed language](../docs/language/README.md) such as
-[type casting](../docs/language/README.md#data-types) or looking at the data
+[Zed language](../../language/README.md) such as
+[type casting](../../language/data-types.md) or looking at the data
 when output as ZSON.
 
 ## Equivalent Types
@@ -45,20 +37,20 @@ applicable to handling certain types.
 
 | Zeek Type  | Zed Type   | Additional Detail |
 |------------|------------|-------------------|
-| [`bool`](https://docs.zeek.org/en/current/script-reference/types.html#type-bool)         | [`bool`](../docs/formats/zson.md#33-primitive-values)     | |
-| [`count`](https://docs.zeek.org/en/current/script-reference/types.html#type-count)       | [`uint64`](../docs/formats/zson.md#33-primitive-values)   | |
-| [`int`](https://docs.zeek.org/en/current/script-reference/types.html#type-int)           | [`int64`](../docs/formats/zson.md#33-primitive-values)    | |
-| [`double`](https://docs.zeek.org/en/current/script-reference/types.html#type-double)     | [`float64`](../docs/formats/zson.md#33-primitive-values)  | See [`double` details](#double) |
-| [`time`](https://docs.zeek.org/en/current/script-reference/types.html#type-time)         | [`time`](../docs/formats/zson.md#33-primitive-values)     | |
-| [`interval`](https://docs.zeek.org/en/current/script-reference/types.html#type-interval) | [`duration`](../docs/formats/zson.md#33-primitive-values) | |
-| [`string`](https://docs.zeek.org/en/current/script-reference/types.html#type-string)     | [`string`](../docs/formats/zson.md#33-primitive-values) | See [`string` details about escaping](#string) |
-| [`port`](https://docs.zeek.org/en/current/script-reference/types.html#type-port)         | [`uint16`](../docs/formats/zson.md#33-primitive-values)   | See [`port` details](#port) |
-| [`addr`](https://docs.zeek.org/en/current/script-reference/types.html#type-addr)         | [`ip`](../docs/formats/zson.md#33-primitive-values)       | |
-| [`subnet`](https://docs.zeek.org/en/current/script-reference/types.html#type-subnet)     | [`net`](../docs/formats/zson.md#33-primitive-values)      | |
-| [`enum`](https://docs.zeek.org/en/current/script-reference/types.html#type-enum)         | [`string`](../docs/formats/zson.md#33-primitive-values)   | See [`enum` details](#enum) |
-| [`set`](https://docs.zeek.org/en/current/script-reference/types.html#type-set)           | [`set`](../docs/formats/zson.md#343-set-value)       | See [`set` details](#set) |
-| [`vector`](https://docs.zeek.org/en/current/script-reference/types.html#type-vector)     | [`array`](../docs/formats/zson.md#342-array-value)   | |
-| [`record`](https://docs.zeek.org/en/current/script-reference/types.html#type-record)     | [`record`](../docs/formats/zson.md#341-record-value) | See [`record` details](#record) |
+| [`bool`](https://docs.zeek.org/en/current/script-reference/types.html#type-bool)         | [`bool`](../../formats/zson.md#23-primitive-values)     | |
+| [`count`](https://docs.zeek.org/en/current/script-reference/types.html#type-count)       | [`uint64`](../../formats/zson.md#23-primitive-values)   | |
+| [`int`](https://docs.zeek.org/en/current/script-reference/types.html#type-int)           | [`int64`](../../formats/zson.md#23-primitive-values)    | |
+| [`double`](https://docs.zeek.org/en/current/script-reference/types.html#type-double)     | [`float64`](../../formats/zson.md#23-primitive-values)  | See [`double` details](#double) |
+| [`time`](https://docs.zeek.org/en/current/script-reference/types.html#type-time)         | [`time`](../../formats/zson.md#23-primitive-values)     | |
+| [`interval`](https://docs.zeek.org/en/current/script-reference/types.html#type-interval) | [`duration`](../../formats/zson.md#23-primitive-values) | |
+| [`string`](https://docs.zeek.org/en/current/script-reference/types.html#type-string)     | [`string`](../../formats/zson.md#23-primitive-values) | See [`string` details about escaping](#string) |
+| [`port`](https://docs.zeek.org/en/current/script-reference/types.html#type-port)         | [`uint16`](../../formats/zson.md#23-primitive-values)   | See [`port` details](#port) |
+| [`addr`](https://docs.zeek.org/en/current/script-reference/types.html#type-addr)         | [`ip`](../../formats/zson.md#23-primitive-values)       | |
+| [`subnet`](https://docs.zeek.org/en/current/script-reference/types.html#type-subnet)     | [`net`](../../formats/zson.md#23-primitive-values)      | |
+| [`enum`](https://docs.zeek.org/en/current/script-reference/types.html#type-enum)         | [`string`](../../formats/zson.md#23-primitive-values)   | See [`enum` details](#enum) |
+| [`set`](https://docs.zeek.org/en/current/script-reference/types.html#type-set)           | [`set`](../../formats/zson.md#243-set-value)       | See [`set` details](#set) |
+| [`vector`](https://docs.zeek.org/en/current/script-reference/types.html#type-vector)     | [`array`](../../formats/zson.md#242-array-value)   | |
+| [`record`](https://docs.zeek.org/en/current/script-reference/types.html#type-record)     | [`record`](../../formats/zson.md#241-record-value) | See [`record` details](#record) |
 
 > **Note:** The [Zeek data type](https://docs.zeek.org/en/current/script-reference/types.html)
 > page describes the types in the context of the
@@ -159,8 +151,8 @@ out again in the Zeek TSV log format. Other implementations of the Zed storage
 formats (should they exist) may handle these differently.
 
 Multiple Zeek types discussed below are represented via a
-[type definition](../docs/formats/zson.md#25-type-definitions) to one of Zed's
-[primitive types](../docs/formats/zson.md#33-primitive-values). The Zed type
+[type definition](../../formats/zson.md#22-type-decorators) to one of Zed's
+[primitive types](../../formats/zson.md#23-primitive-values). The Zed type
 definitions maintain the history of the field's original Zeek type name
 such that `zq` may restore it if the field is later output in
 Zeek format. Knowledge of its original Zeek type may also enable special
@@ -186,7 +178,6 @@ these values are represented with a ZSON type name bound to the Zed `string`
 type. See the text above regarding [type definitions](#type-specific-details)
 for more details.
 
-
 ### `port`
 
 The numeric values that appear in Zeek logs under this type are represented
@@ -214,7 +205,7 @@ _not_ intended to be read or presented as such. Meanwhile, another Zeek
 UTF-8. These details are currently only captured within the Zeek source code
 itself that defines how these values are generated.
 
-Zed includes a [primitive type](../docs/formats/zson.md#33-primitive-values)
+Zed includes a [primitive type](../../formats/zson.md#23-primitive-values)
 called `bytes` that's suited to storing the former "always binary" case and a
 `string` type for the latter "always printable" case. However, Zeek logs do
 not currently communicate details that would allow an implementation to know
@@ -258,7 +249,7 @@ Zed that refer to the record at a higher level but affect all values lower
 down in the record hierarchy.
 
 Revisiting the data from our example, we can output all fields within
-`my_record` via a Zed [`cut`](../docs/language/operators/cut.md) operation.
+`my_record` via a Zed [`cut`](../../language/operators/cut.md) operation.
 
 #### Command: