On Tue, Aug 21, 2018 at 1:09 PM Robin Sommer wrote:
> Also, this question is about events, not logs, right? Logs have a
> different wire format and they actually come with meta data describing
> their columns.
Though the Broker data corresponding to log entry content is also
opaque at the
On Tue, Aug 21, 2018 at 12:34 -0500, Jonathan Siwek wrote:
> Maybe there's a more standardized approach that could be worked
> towards, but likely we just need more experience in understanding and
> defining common use-cases for external Bro data consumption.
Dominik, wasn't the original idea
On Tue, Aug 21, 2018 at 8:54 AM Dominik Charousset
wrote:
> This raises a couple of questions. Primarily: where can Broker users learn
> the layouts to interpret received data?
broker/bro.hh is basically all there is right now. e.g. if you
construct a broker::bro::Event from a received
We are currently writing code for ingesting data directly using Broker’s API.
From the docs, it seems that Broker assumes that publishers and subscribers
somehow agree on one layout per topic: "senders and receivers will need to
agree on a specific data layout for the values exchanged, so that
