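# Splunk props.conf stanza: sourcetype for Zeek logs written as JSON.
# Full-line "#" comments only; the stray "|" gutter residue from the page
# rendering has been dropped (one had been glued onto the TIME_FORMAT value).
[zeek:json]

# --- Structured parsing ---------------------------------------------------
# Extract JSON fields at index time.
# NOTE(review): structured-data settings (INDEXED_EXTRACTIONS and the
# timestamp settings that depend on it) are applied where the file is read,
# so this stanza normally has to be deployed to the forwarder monitoring the
# Zeek logs, not only to the indexers - confirm against your deployment.
INDEXED_EXTRACTIONS = json
# Disable search-time automatic key/value extraction so fields that were
# already extracted at index time do not show up twice.
KV_MODE = none
# One event per line; any run of CR/LF characters ends an event.
LINE_BREAKER = ([\r\n]+)
# Do not skip the input when it looks like binary data.
NO_BINARY_CHECK = true

# --- Timestamp -------------------------------------------------------------
# Accurate _time is what makes Zeek events usable for correlation and
# incident timelines, so verify these settings against a sample of real logs.
# Left empty exactly as in the original stanza.
# NOTE(review): confirm the effect of an empty value on your Splunk version.
DATETIME_CONFIG =
# Read the event time from the JSON field "ts".
TIMESTAMP_FIELDS = ts
# Epoch seconds, a dot, then six sub-second digits (microseconds).
# NOTE(review): this matches Zeek's epoch-style JSON timestamps only. If the
# sensor is configured for ISO 8601 timestamps
# (LogAscii::json_timestamps = JSON::TS_ISO8601) this format will not match
# and event times will be wrong - confirm the sensor setting.
TIME_FORMAT = %s.%6N

# --- Sourcetype metadata (shown in the Splunk UI) ----------------------------
category = Structured
description = Zeek JSON sourcetype with fixed timestamp parsing.
pulldown_type = true
disabled = false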