Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

Fork 0

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

Commit graph

Author	SHA1	Message	Date
Arne Welzel	93813a5079	logging/ascii/json: Make TS_MILLIS signed, add TS_MILLIS_UNSIGNED It seems TS_MILLIS is specifically for Elasticsearch and starting with Elasticsearch 8.2 epoch_millis does (again?) support negative epoch_millis, so make Zeek produce that by default. If this breaks a given deployment, they can switch Zeek back to TS_MILLIS_UNSIGNED. https://discuss.elastic.co/t/migration-from-es-6-8-to-7-17-issues-with-negative-date-epoch-timestamp/335259 https://github.com/elastic/elasticsearch/pull/80208 Thanks for @timo-mue for reporting! Closes #4494	2025-05-30 17:23:29 +02:00

Author

SHA1

Message

Date

Arne Welzel

93813a5079

logging/ascii/json: Make TS_MILLIS signed, add TS_MILLIS_UNSIGNED

It seems TS_MILLIS is specifically for Elasticsearch and starting with
Elasticsearch 8.2 epoch_millis does (again?) support negative epoch_millis,
so make Zeek produce that by default.

If this breaks a given deployment, they can switch Zeek back to TS_MILLIS_UNSIGNED.

https://discuss.elastic.co/t/migration-from-es-6-8-to-7-17-issues-with-negative-date-epoch-timestamp/335259
https://github.com/elastic/elasticsearch/pull/80208

Thanks for @timo-mue for reporting!

Closes #4494

2025-05-30 17:23:29 +02:00

1 commit