-
Brim v0 ensures records are sorted by timestamp, starting from the TSV logs generated by Zeek and then invoking the `sort` processor using a limit:
```
sort -r -limit 10000000 ts
```
We should use a …
-
We've added support for an in-memory time index in zqd; we need to ensure that Brim's api usage (ingest & search) uses it.
-
I'm pretty sure I've seen this issue in the past, but I've only now come up with a formula for reproducing it with some reliability. This repro was in GA Brim tagged `v0.11.0` talking to `zqd` tagged …
-
**Request**
As a User of zar, I want to use Brim so that the search experience is graphical, intuitive and familiar to desktop-scale search.
**User Flow for Search in zar world**
1. User types en…
-
Several tests for Brim / zq integration involve uploading a pcap through Brim and then doing something with it. In [one run](https://github.com/brimsec/brim/runs/596826483), there were i/o errors that…
-
In some cases, results never appear after ingesting a pcap, although the span of the ingested pcap is known. @philrz reports having seen this locally, and integration test CI started encountering it h…
-
**Describe the bug**
For some scripts, the wordbreaker fails to recognize that letter characters... represent letters. With the way the wordbreaker is currently written, this leads the algorithm to …
-
These are some questions I have about deflate_quick() that perhaps somebody (@jtkukunas ?) can answer - at least it is good to have it documented.
1. Why is deflate quick window only 8K? It seems l…
-
In its current state as of Brim commit `f837314`, JSON ingest is ready for the "happiest path" of a user that has Zeek JSON logs that conform to the schema we ship that's based on "stock" Zeek v3.1.2.…
-
Hello,
echo $GOPATH
/home/xxx/go
$ make install or sudo make install
cmd/pcap/main.go:7:2: cannot find package "github.com/brimsec/zq/cmd/pcap/cut" in any of:
/usr/lib/go-1.10/src/github…