Hello,
I am testing this module for adding enrichments to data before we write the data to Elasticsearch, and I am looking for some guidance on proper usage of the library.
Currently I am using a string tree and storing key:value pairs as tags like "dns-hostname:foo.example.com" and "asn:65535", and then parsing these tags out. My question is: is this the proper way to go about this, or am I missing something obvious? In the case of integers, would it be better to just duplicate the tree where the only tag represents the ASN Number, and then store another tree containing DNS names, and yet another containing other metadata? And if I need to have another integer tag, create another tree for that, and so on?
Our tree currently is not expected to store millions and millions of entries, but it's feasible it could have 1M+ if we decide to store 'global' data in it, such as the internet routing table, to, for example, enrich a log entry IP address with the AS Number, and some number of nodes in the tree may have several tags associated representing key:value pairs.
Thanks!