Hi all!
I noticed some inconsistencies in normalization for decoding "protocol" from logs, especially with networking logs.
The majority of decoders associate "protocol" with the literal "protocol" field. Other decoders (specifically fortigate, sonicwall, and others) decode the protocol into the "proto" field.
For normalization, is it appropriate to modify the decoder fields for consistency among other decoders?
I have applied this change to a local decoder and verified the field is corrected.
GitHub filter search for "proto":
Proto Search
GitHub filter search for "protocol":
Protocol Search