Good afternoon,

Our Metron installation uses colons in the field names. For example, geo ip enriched data appears as “enrichments:geo:ip_dst_addr:country”. Under Kibana (and, from what I read, Banana), the colon cannot be properly escaped for use with Timelion.

My question: has anyone figured out a way to escape colons in their query, or another workaround in general? Is there a setting somewhere that can be used to change the default from a colon to a period or another character?

Thank you,
Tom
