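# Splunk sourcetype definition for Zeek logs written as JSON (these are
# props.conf settings). The stanza had been collapsed onto a single line; it is
# restored here to one setting per line with every key and value unchanged.
# NOTE(review): comments must stay on their own lines starting with '#';
# text after a value on the same line becomes part of the value.
[zeek:json]
# Left empty as in the original; timestamp extraction is driven by
# TIMESTAMP_FIELDS and TIME_FORMAT at the end of this stanza.
DATETIME_CONFIG =
# Parse each event as JSON at ingest, so fields are available as indexed fields.
# NOTE(review): structured-data settings (INDEXED_EXTRACTIONS, TIMESTAMP_FIELDS)
# take effect on the instance that first reads the file. When a universal
# forwarder monitors the Zeek logs, this stanza has to be deployed there as
# well. Confirm against your deployment.
INDEXED_EXTRACTIONS = json
# Turn off search-time automatic key/value extraction. With indexed JSON
# extraction enabled, leaving it on would yield each field twice.
# NOTE(review): this is a search-time setting, so it must also be present on
# the search head(s).
KV_MODE = none
# Break events on any run of CR/LF characters, i.e. one JSON object per line.
LINE_BREAKER = ([\r\n]+)
NO_BINARY_CHECK = true
# category, description and pulldown_type describe the sourcetype for the UI.
category = Structured
description = Zeek JSON sourcetype with fixed timestamp parsing.
disabled = false
pulldown_type = true
# Take the event time from the JSON field "ts".
TIMESTAMP_FIELDS = ts
# Epoch seconds followed by a six-digit (microsecond) fraction, for example
# 1700000000.123456 (constructed sample).
# NOTE(review): events whose ts does not match this format will not get their
# own event time, which skews timelines and correlation searches. Verify on a
# sample of events that _time equals ts after deployment.
TIME_FORMAT = %s.%6N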