In local.bro, add the following line...
redef LogAscii::json_timestamps = JSON::TS_ISO8601;
That should make your log have timestamps in ISO8601 time format which
most systems natively recognize and understand.
On 29 Oct 2019, at 23:31, venkatesh bandari wrote:
We are doing a Zeek PoC. I am doing the integration with Splunk. In the
logs I see the ts value, which is not in human-readable
format. zeek-cut/bro-cut on the box can be used to convert ts to human-
readable format using -d.
The question is how can I do this before sending the JSON logs to
there a way
Zeek mailing list
Seth Hall * Corelight, Inc * www.corelight.com
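The `redef` above changes how Zeek writes the `ts` field at the source, which is the right fix. For logs that were already written with epoch timestamps, the same conversion can be applied as a shipping step before the JSON reaches Splunk. The following is an added example, not code from Seth's reply or from the Zeek project: it rewrites numeric timestamp fields in Zeek JSON log lines into the ISO8601 form (`YYYY-MM-DDTHH:MM:SS.ffffffZ`, UTC) that the `JSON::TS_ISO8601` setting is assumed to produce. The sample log line is constructed, and the list of fields to convert is an assumption; extend it for logs that carry additional `time`-typed fields.

```python
import json
from datetime import datetime, timezone

# Fields assumed to hold Zeek `time` values (epoch seconds as a float).
# conn.log, dns.log, http.log, files.log etc. all carry `ts`; add others as needed.
TIME_FIELDS = ("ts",)


def epoch_to_iso8601(ts):
    """Render an epoch float the way Zeek's ISO8601 JSON timestamps look (UTC, microseconds, 'Z')."""
    dt = datetime.fromtimestamp(float(ts), tz=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def rewrite_record(line, fields=TIME_FIELDS):
    """Parse one JSON log line and replace numeric time fields with ISO8601 strings.

    Fields that are absent, or already strings (e.g. logs written after the
    redef took effect), are left untouched so the rewriter is safe to run twice.
    """
    rec = json.loads(line)
    for name in fields:
        value = rec.get(name)
        if isinstance(value, (int, float)) and not isinstance(value, bool):
            rec[name] = epoch_to_iso8601(value)
    return json.dumps(rec, separators=(",", ":"))


def rewrite_stream(lines, fields=TIME_FIELDS):
    """Rewrite every non-empty line; blank lines (common at file end) are skipped."""
    return [rewrite_record(line, fields) for line in lines if line.strip()]


# Constructed sample: one conn.log record as Zeek emits it with epoch timestamps.
SAMPLE_LINES = [
    '{"ts":1572391860.5,"uid":"CONSTRUCTED01","id.orig_h":"10.0.0.5",'
    '"id.orig_p":51234,"id.resp_h":"10.0.0.9","id.resp_p":53,"proto":"udp"}',
    "",
]

if __name__ == "__main__":
    for out in rewrite_stream(SAMPLE_LINES):
        print(out)
```

Run it over a file with `python rewrite_ts.py < conn.log > conn.iso.log` after swapping `SAMPLE_LINES` for `sys.stdin`; the output keeps every other field and key order intact, so existing Splunk field extractions continue to work.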