example_config.json

{
    "http": {
        "bind": ":8080"
    },
    "indexers": [
        {
            "name": "conn",
            "backend": "bro",
            "file_glob": "/bro/logs/*/conn.*gz",
            "recent_file_glob": "/bro/logs/%Y-%m-%d/conn.*gz",
            "filename_to_database_regex": "logs/(?P<yearmonth>\\d+-\\d+)-\\d+/",
            "filename_to_time_regex": "logs/(?P<year>\\d\\d\\d\\d)-(?P<month>\\d\\d)-(?P<day>\\d\\d)/\\w+\\.(?P<hour>\\d\\d):(?P<minute>\\d\\d)",
            "database_root": "/bro/index/conn/",
            "database_path": "$yearmonth.db"
        },
        {
            "name": "http",
            "backend": "bro",
            "file_glob": "/bro/logs/*/http.*gz",
            "recent_file_glob": "/bro/logs/%Y-%m-%d/http.*gz",
            "filename_to_database_regex": "logs/(?P<yearmonth>\\d+-\\d+)-\\d+/",
            "filename_to_time_regex": "logs/(?P<year>\\d\\d\\d\\d)-(?P<month>\\d\\d)-(?P<day>\\d\\d)/\\w+\\.(?P<hour>\\d\\d):(?P<minute>\\d\\d)",
            "database_root": "/bro/index/http/",
            "database_path": "$yearmonth.db"
        },
        {
            "name": "notice",
            "backend": "bro",
            "file_glob": "/bro/logs/*/notice.*gz",
            "recent_file_glob": "/bro/logs/%Y-%m-%d/notice.*gz",
            "filename_to_database_regex": "logs/(?P<year>\\d+)-\\d+-\\d+/",
            "filename_to_time_regex": "logs/(?P<year>\\d\\d\\d\\d)-(?P<month>\\d\\d)-(?P<day>\\d\\d)/\\w+\\.(?P<hour>\\d\\d):(?P<minute>\\d\\d)",
            "database_root": "/bro/index/notice/",
            "database_path": "$year.db"
        },
        {
            "name": "flows",
            "backend": "nfdump",
            "file_glob": "/netflow/data/*/*/*/*/nfcapd.*",
            "recent_file_glob": "/netflow/data/*/%Y/%m/%d/nfcapd.*",
            "filename_to_database_regex": "nfcapd.(?P<year>\\d\\d\\d\\d)(?P<month>\\d\\d)(?P<day>\\d\\d)(?P<hour>\\d\\d)(?P<minute>\\d\\d)",
            "filename_to_time_regex": "nfcapd.(?P<year>\\d\\d\\d\\d)(?P<month>\\d\\d)(?P<day>\\d\\d)(?P<hour>\\d\\d)(?P<minute>\\d\\d)",
            "database_root": "/opt/flow-indexer/flows/",
            "database_path": "$year$month$day.db"
        }
    ]
}