code_public/logcorrelator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update README and architecture for v1.0.3 flat JSON structure

Browse Source 
- docs: update README.md with flat JSON output example
- docs: update architecture.yml correlated_log schema
- docs: update ClickHouse schema to use fields JSON column
- breaking: document migration from apache/network to fields

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
Jacquin Antoine
2026-02-28 22:28:45 +01:00
parent 514cb553ef
commit 52eebafb0b
2 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -176,6 +176,8 @@ Exemple complet dans `config.example.yml`.
### Log corrélé (sortie)
**Version 1.0.3+** - Structure JSON plate (flat) :
```json
{
"timestamp": "2024-01-01T12:00:00Z",
@ -184,11 +186,15 @@ Exemple complet dans `config.example.yml`.
"dst_ip": "10.0.0.1",
"dst_port": 80,
"correlated": true,
"apache": {"method": "GET", "path": "/api/test"},
"network": {"ja3": "abc123def456"}
"method": "GET",
"path": "/api/test",
"ja3": "abc123def456",
"ja4": "xyz789"
}
```
Tous les champs des sources A et B sont fusionnés au même niveau. Les champs de corrélation (`src_ip`, `src_port`, `dst_ip`, `dst_port`, `correlated`, `orphan_side`) sont toujours présents, et tous les autres champs des logs sources sont ajoutés directement à la racine.
## Schema ClickHouse
```sql