Github user cestella commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/232#discussion_r76414283
--- Diff:
metron-platform/metron-integration-test/src/main/sample/data/bro/parsed/BroExampleParsed
---
@@ -1,10 +1,10 @@
-{"bro_timestamp":"1402307733473","status_code":200,"method":"GET","ip_dst_port":80,"request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","uid":"CTo78A11g7CYbbOHvj","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP
| id.orig_p:58808 status_code:200 method:GET request_body_len:0 id.resp_p:80
uri:\/ tags:[] uid:CTo78A11g7CYbbOHvj resp_mime_types:[\"text\\\/html\"]
trans_depth:1 host:www.cisco.com status_msg:OK id.orig_h:192.249.113.37
response_body_len:25523 user_agent:curl\/7.22.0 (x86_64-pc-linux-gnu)
libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4 libidn\/1.23 librtmp\/2.3
ts:1402307733473 id.resp_h:72.163.4.161
resp_fuids:[\"FJDyMC15lxUn5ngPfd\"]","ip_dst_addr":"72.163.4.161","ip_src_port":58808,"host":"www.cisco.com","status_msg":"OK","response_body_len":25523,"ip_src_addr":"192.249.113.37","user_agent":"curl\/7.22.0
(x86_64-pc-linux-gnu) libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4
libidn\/1.23 librtmp\/2.3","resp_fuids":["FJDyMC1
5lxUn5ngPfd"],"timestamp":1402307733473}
-{"TTLs":[3600.0,289.0,14.0],"qclass_name":"C_INTERNET","bro_timestamp":"1402308259609","qtype_name":"AAAA","ip_dst_port":53,"qtype":28,"rejected":false,"answers":["www.cisco.com.akadns.net","origin-www.cisco.com","2001:420:1201:2::a"],"trans_id":62418,"uid":"CuJT272SKaJSuqO0Ia","protocol":"dns","original_string":"DNS
| AA:true TTLs:[3600.0,289.0,14.0] qclass_name:C_INTERNET id.orig_p:33976
qtype_name:AAAA qtype:28 rejected:false id.resp_p:53 query:www.cisco.com
answers:[\"www.cisco.com.akadns.net\",\"origin-www.cisco.com\",\"2001:420:1201:2::a\"]
trans_id:62418 rcode:0 rcode_name:NOERROR TC:false RA:true
uid:CuJT272SKaJSuqO0Ia RD:true proto:udp id.orig_h:10.122.196.204 Z:0 qclass:1
ts:1402308259609
id.resp_h:144.254.71.184","ip_dst_addr":"144.254.71.184","Z":0,"ip_src_addr":"10.122.196.204","qclass":1,"timestamp":1402308259609,"AA":true,"query":"www.cisco.com","rcode":0,"rcode_name":"NOERROR","TC":false,"RA":true,"source.type":"bro","RD":true,"ip_src_port":33976,"proto":"udp"}
-{"bro_timestamp":"1402307733473","status_code":200,"method":"GET","ip_dst_port":80,"request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","uid":"KIRAN","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP
| id.orig_p:58808 status_code:200 method:GET request_body_len:0 id.resp_p:80
uri:\/ tags:[] uid:KIRAN resp_mime_types:[\"text\\\/html\"] trans_depth:1
host:www.cisco.com status_msg:OK id.orig_h:10.122.196.204
response_body_len:25523 user_agent:curl\/7.22.0 (x86_64-pc-linux-gnu)
libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4 libidn\/1.23 librtmp\/2.3
ts:1402307733473 id.resp_h:72.163.4.161
resp_fuids:[\"FJDyMC15lxUn5ngPfd\"]","ip_dst_addr":"72.163.4.161","ip_src_port":58808,"host":"www.cisco.com","status_msg":"OK","response_body_len":25523,"ip_src_addr":"10.122.196.204","user_agent":"curl\/7.22.0
(x86_64-pc-linux-gnu) libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4
libidn\/1.23 librtmp\/2.3","resp_fuids":["FJDyMC15lxUn5ngPfd"],"timestamp":
1402307733473}
-{"bro_timestamp":"1402307733473","status_code":200,"method":"GET","ip_dst_port":80,"request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","uid":"KIRAN12312312","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP
| id.orig_p:58808 status_code:200 method:GET request_body_len:0 id.resp_p:80
uri:\/ tags:[] uid:KIRAN12312312 resp_mime_types:[\"text\\\/html\"]
trans_depth:1 host:www.cisco.com status_msg:OK id.orig_h:192.249.113.37
response_body_len:25523 user_agent:curl\/7.22.0 (x86_64-pc-linux-gnu)
libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4 libidn\/1.23 librtmp\/2.3
ts:1402307733473 id.resp_h:72.163.4.161
resp_fuids:[\"FJDyMC15lxUn5ngPfd\"]","ip_dst_addr":"72.163.4.161","ip_src_port":58808,"host":"www.cisco.com","status_msg":"OK","response_body_len":25523,"ip_src_addr":"192.249.113.37","user_agent":"curl\/7.22.0
(x86_64-pc-linux-gnu) libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4
libidn\/1.23 librtmp\/2.3","resp_fuids":["FJDyMC15lxUn5ngPf
d"],"timestamp":1402307733473}
-{"bro_timestamp":"1402307733473","status_code":200,"method":"GET","ip_dst_port":80,"request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","uid":"KIRAN12312312","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP
| id.orig_p:58808 status_code:200 method:GET request_body_len:0 id.resp_p:80
uri:\/ tags:[] uid:KIRAN12312312 resp_mime_types:[\"text\\\/html\"]
trans_depth:1 host:www.cisco.com status_msg:OK id.orig_h:192.249.113.37
response_body_len:25523 user_agent:curl\/7.22.0 (x86_64-pc-linux-gnu)
libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4 libidn\/1.23 librtmp\/2.3
ts:1402307733473 id.resp_h:72.163.4.161
resp_fuids:[\"FJDyMC15lxUn5ngPfd\"]","ip_dst_addr":"72.163.4.161","ip_src_port":58808,"host":"www.cisco.com","status_msg":"OK","response_body_len":25523,"ip_src_addr":"192.249.113.37","user_agent":"curl\/7.22.0
(x86_64-pc-linux-gnu) libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4
libidn\/1.23 librtmp\/2.3","resp_fuids":["FJDyMC15lxUn5ngPf
d"],"timestamp":1402307733473}
-{"bro_timestamp":"1402307733473","status_code":200,"method":"GET","ip_dst_port":80,"request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","uid":"CTo78A11g7CYbbOHvj","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP
| id.orig_p:58808 status_code:200 method:GET request_body_len:0 id.resp_p:80
uri:\/ tags:[] uid:CTo78A11g7CYbbOHvj resp_mime_types:[\"text\\\/html\"]
trans_depth:1 host:gabacentre.pw status_msg:OK id.orig_h:10.122.196.204
response_body_len:25523 email:[email protected] user_agent:curl\/7.22.0
(x86_64-pc-linux-gnu) libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4 libidn\/1.23
librtmp\/2.3 ts:1402307733473 id.resp_h:72.163.4.161
resp_fuids:[\"FJDyMC15lxUn5ngPfd\"]","ip_dst_addr":"72.163.4.161","ip_src_port":58808,"host":"gabacentre.pw","status_msg":"OK","response_body_len":25523,"ip_src_addr":"10.122.196.204","email":"[email protected]","user_agent":"curl\/7.22.0
(x86_64-pc-linux-gnu) libcurl\/7.22.0 OpenSSL\/1
.0.1 zlib\/1.2.3.4 libidn\/1.23
librtmp\/2.3","resp_fuids":["FJDyMC15lxUn5ngPfd"],"timestamp":1402307733473}
-{"TTLs":[3600.0,289.0,14.0],"qclass_name":"C_INTERNET","bro_timestamp":"1402308259609","qtype_name":"AAAA","ip_dst_port":53,"qtype":28,"rejected":false,"answers":["gabacentre.pw","www.cisco.com.akadns.net","origin-www.cisco.com","2001:420:1201:2::a"],"trans_id":62418,"uid":"CYbbOHvj","protocol":"dns","original_string":"DNS
| AA:true TTLs:[3600.0,289.0,14.0] qclass_name:C_INTERNET id.orig_p:33976
qtype_name:AAAA qtype:28 rejected:false id.resp_p:53 query:www.cisco.com
answers:[\"gabacentre.pw\",\"www.cisco.com.akadns.net\",\"origin-www.cisco.com\",\"2001:420:1201:2::a\"]
trans_id:62418 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CYbbOHvj
RD:true proto:udp id.orig_h:93.188.160.43 Z:0 qclass:1 ts:1402308259609
id.resp_h:144.254.71.184","ip_dst_addr":"144.254.71.184","Z":0,"ip_src_addr":"93.188.160.43","qclass":1,"timestamp":1402308259609,"AA":true,"query":"www.cisco.com","rcode":0,"rcode_name":"NOERROR","TC":false,"RA":true,"source.type":"bro","RD":true,"ip_src_port":33976,"pro
to":"udp"}
-{"bro_timestamp":"1402307733473","status_code":200,"method":"GET","ip_dst_port":80,"request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","uid":"CTo78A11g7CYbbOHvj","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP
| id.orig_p:58808 status_code:200 method:GET request_body_len:0 id.resp_p:80
uri:\/ tags:[] uid:CTo78A11g7CYbbOHvj resp_mime_types:[\"text\\\/html\"]
trans_depth:1 host:www.cisco.com status_msg:OK id.orig_h:192.249.113.37
response_body_len:25523 user_agent:curl\/7.22.0 (x86_64-pc-linux-gnu)
libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4 libidn\/1.23 librtmp\/2.3
ts:1402307733473 id.resp_h:72.163.4.161
resp_fuids:[\"FJDyMC15lxUn5ngPfd\"]","ip_dst_addr":"72.163.4.161","ip_src_port":58808,"host":"www.cisco.com","status_msg":"OK","response_body_len":25523,"ip_src_addr":"192.249.113.37","user_agent":"curl\/7.22.0
(x86_64-pc-linux-gnu) libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4
libidn\/1.23 librtmp\/2.3","resp_fuids":["FJDyMC1
5lxUn5ngPfd"],"timestamp":1402307733473}
-{"TTLs":[3600.0,289.0,14.0],"qclass_name":"C_INTERNET","bro_timestamp":"1402308259609","qtype_name":"AAAA","ip_dst_port":53,"qtype":28,"rejected":false,"answers":["www.cisco.com.akadns.net","origin-www.cisco.com","2001:420:1201:2::a"],"trans_id":62418,"uid":"CuJT272SKaJSuqO0Ia","protocol":"dns","original_string":"DNS
| AA:true TTLs:[3600.0,289.0,14.0] qclass_name:C_INTERNET id.orig_p:33976
qtype_name:AAAA qtype:28 rejected:false id.resp_p:53 query:www.cisco.com
answers:[\"www.cisco.com.akadns.net\",\"origin-www.cisco.com\",\"2001:420:1201:2::a\"]
trans_id:62418 rcode:0 rcode_name:NOERROR TC:false RA:true
uid:CuJT272SKaJSuqO0Ia RD:true proto:udp id.orig_h:10.122.196.204 Z:0 qclass:1
ts:1402308259609
id.resp_h:144.254.71.184","ip_dst_addr":"144.254.71.184","Z":0,"ip_src_addr":"10.122.196.204","qclass":1,"timestamp":1402308259609,"AA":true,"query":"www.cisco.com","rcode":0,"rcode_name":"NOERROR","TC":false,"RA":true,"source.type":"bro","RD":true,"ip_src_port":33976,"proto":"udp"}
-{"bro_timestamp":"1402307733473","status_code":200,"method":"GET","ip_dst_port":80,"request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","uid":"KIRAN","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP
| id.orig_p:58808 status_code:200 method:GET request_body_len:0 id.resp_p:80
uri:\/ tags:[] uid:KIRAN resp_mime_types:[\"text\\\/html\"] trans_depth:1
host:www.cisco.com status_msg:OK id.orig_h:10.122.196.204
response_body_len:25523 user_agent:curl\/7.22.0 (x86_64-pc-linux-gnu)
libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4 libidn\/1.23 librtmp\/2.3
ts:1402307733473 id.resp_h:72.163.4.161
resp_fuids:[\"FJDyMC15lxUn5ngPfd\"]","ip_dst_addr":"72.163.4.161","ip_src_port":58808,"host":"www.cisco.com","status_msg":"OK","response_body_len":25523,"ip_src_addr":"10.122.196.204","user_agent":"curl\/7.22.0
(x86_64-pc-linux-gnu) libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4
libidn\/1.23 librtmp\/2.3","resp_fuids":["FJDyMC15lxUn5ngPfd"],"timestamp":
1402307733473}
\ No newline at end of file
+{"bro_timestamp":"1402307733.473","status_code":200,"method":"GET","ip_dst_port":80,"request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","uid":"CTo78A11g7CYbbOHvj","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP
| id.orig_p:58808 status_code:200 method:GET request_body_len:0 id.resp_p:80
uri:\/ tags:[] uid:CTo78A11g7CYbbOHvj resp_mime_types:[\"text\\\/html\"]
trans_depth:1 host:www.cisco.com status_msg:OK id.orig_h:192.249.113.37
response_body_len:25523 user_agent:curl\/7.22.0 (x86_64-pc-linux-gnu)
libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4 libidn\/1.23 librtmp\/2.3
ts:1402307733.473 id.resp_h:72.163.4.161
resp_fuids:[\"FJDyMC15lxUn5ngPfd\"]","ip_dst_addr":"72.163.4.161","ip_src_port":58808,"host":"www.cisco.com","status_msg":"OK","response_body_len":25523,"ip_src_addr":"192.249.113.37","user_agent":"curl\/7.22.0
(x86_64-pc-linux-gnu) libcurl\/7.22.0 OpenSSL\/1.0.1 zlib\/1.2.3.4
libidn\/1.23 librtmp\/2.3","resp_fuids":["FJDyM
C15lxUn5ngPfd"],"timestamp":1402307733473}
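Review bot: In the added record, `bro_timestamp` becomes the string "1402307733.473" (and `ts:1402307733.473` inside `original_string`) while `timestamp` stays the integer 1402307733473, so the same instant now appears in two formats within one record. Any consumer that reads `bro_timestamp` as integer milliseconds will misparse or reject the new value. Suggest stating the intended format of each field alongside the parser change and asserting in the integration test that `timestamp` still equals the value derived from `bro_timestamp`. Only one added line is visible here against a hunk header of `@@ -1,10 +1,10 @@`, so the other nine expected records cannot be checked from this excerpt.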
--- End diff --
It appears that bro_timestamp is changing format, which will have an effect
on the kibana dashboard that we ship. Have you investigated if we rely on
`bro_timestamp` at all in that dashboard and, if so, what the impact is?
Wouldn't want to inadvertently break our dashboard.