Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Minor documentation formatting change

Browse source
This commit is contained in:
Vlad Grigorescu 2012-06-03 23:01:18 -04:00
parent 3d8b86c00a
commit bf852b51f5
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
doc/logging-elasticsearch.rst
View file

@ -76,8 +76,10 @@ Bro's ElasticSearch writer comes with a few configuraiton options::
- cluster_name: Currently unused. - cluster_name: Currently unused.
- server_host: Where to send the data. Default localhost. - server_host: Where to send the data. Default localhost.
- server_port: What port to send the data to. Default 9200. - server_port: What port to send the data to. Default 9200.
- index_name: ElasticSearch indexes are like databases in a standard DB model. - index_name: ElasticSearch indexes are like databases in a standard DB model.
This is the name of the index to which to send the data. Default bro-logs. This is the name of the index to which to send the data. Default bro-logs.
- type_prefix: ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none. - type_prefix: ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none.
- batch_size: How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000. - batch_size: How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000.