Open
Description
Zeek writes logs using TSV / ASCII format by default. These logs are gzipped (by default) by the Zeek log rotation script so most folks will end up uploading gzipped TSV logs by default.
Expected bahaviour : zeek tsv files are un-gzipped and added to the matano data lake
Actual behaviour : the transformer function fails with
INFO transformer: {
"bytes_processed": 1607225,
"error": false,
"failing_log_sources": null,
"log_sources": [
"zeek"
],
"matano_log": true,
"rows_written": 0,
"service": "transformer",
"sidelined_lines_count": null,
"sidelined_log_sources": null,
"time": 165,
"type": "matano_service_log"
}
Metadata
Assignees
Labels
No labels