-
A user on the Brim public Slack [inquired](https://brimsec.slack.com/archives/C01092MJ9T6/p1594570698005500):
> How can one ingest logs of other formats into Zq-supported format(s)? Say, as the per…
-
You should be able to use the `in` operator with IP addresses and subnets.
e.g.,
```
10.1.1.2 in 10.0.0.0/8
```
should be true just as this is currently true:
```
10.1.1.2 in [ 10.1.1.2, 10.1.1…
-
A couple of us have noticed that in GA Brim `v0.21.0`, on views that show a mix of multiple record types, the `proto` field sometimes appears to the left of the `alert` tile. The ordering in the recor…
-
Repro is with Brim commit `032da27`, though it looks like this issue is not new, as I was able to repro it when doing a ZNG export in Brim GA tagged `v0.20.0` as well.
See the attached video that w…
-
This work involves adding an initial cut at a mergejoin proc that uses the `-P` parallel input feature of #1616.
This join will not be anything fancy and simply will join sorted inputs from a left pa…
-
Groupby, cut, and put all presume that the key/field expressions they use always evaluate to the same output type for a given input type and thus memoize certain data structures based on the input rec…
-
This zeek TSV comes from the zeekio trailing-whitespace.yaml test:
```
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path unknown_mime_type_discovery
#open 2020-04-10-18-15-32
…
-
Repro is with `zq` commit `fcad36bc` and the attached test file [repro.tzng.gz](https://github.com/brimsec/zq/files/5779006/repro.tzng.gz):
```
#0:record[_path:string,ts:time,ts_delta:duration,pee…
-
@henridf suggested having type IDs available to zql (e.g., to do `count() by id(fld)`), but since they are arbitrary integers this would an odd semantics. So, instead we could have first-class types…
-
Right now the "Export" button only generates ZNG output. It's not too difficult for users to run that ZNG through `zq` to generate any number of other supported output formats. However, "vanilla" endp…