A_Splunk_TA_zeek

Sidecar app for Corelight's TA for Zeek https://splunkbase.splunk.com/app/5466

2025/10/7 - props.conf

adding FIELDALIAS to account for modern data coming in with a dot instead of underscore, ie id.orig_h vs id_orig_h

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
bin		bin
default		default
lookups		lookups
metadata		metadata
static		static
README.md		README.md

Provide feedback