6 lines (5 loc) · 249 Bytes

A_Splunk_TA_zeek

Sidecar app for Corelight's TA for Zeek https://splunkbase.splunk.com/app/5466

NOTES

2025/10/7 - props.conf

adding FIELDALIAS to account for modern data coming in with a dot instead of underscore, ie id.orig_h vs id_orig_h

⚡