[
https://issues.apache.org/jira/browse/METRON-2343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17104631#comment-17104631
]
Rich Irwin commented on METRON-2343:
------------------------------------
My apologies on the delay. The use case is a multi node deployment of zeek in
various locations and having a field to provide context of which zeek instance
produced the log. I am able to add a field (in this case system hostname)
which is appended to the logs stored on disk. Thus when producing to Kafka,
this field is included with the output. However, it might be useful to be able
to add this field to just the output to Kafka and not store in the Zeek logs
directly.
> Bro Kafka plugin - ability to dynamically modify JSON
> -----------------------------------------------------
>
> Key: METRON-2343
> URL: https://issues.apache.org/jira/browse/METRON-2343
> Project: Metron
> Issue Type: Wish
> Affects Versions: 0.3.0
> Reporter: Rich Irwin
> Priority: Major
>
> Desire to have the ability to modify Bro log JSON and add a field prior to
> producing to Kafka. There is an ability to add a field to the actual Bro
> log, however, this could be cumbersome on disk space. Furthermore, the field
> looking to be added only pertains to the destined data lake for analytical
> purposes.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
