26 lines
1.2 KiB
Plaintext
26 lines
1.2 KiB
Plaintext
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
|
|
zeek-cut [options] [<columns>]
|
|
|
|
Extracts the given columns from ASCII Zeek logs on standard input, and outputs
|
|
them to standard output. If no columns are given, all are selected.
|
|
By default, zeek-cut does not include format header blocks in the output.
|
|
|
|
Example: cat conn.log | zeek-cut -d ts id.orig_h id.orig_p
|
|
|
|
-c Include the first format header block in the output.
|
|
-C Include all format header blocks in the output.
|
|
-m Include the first format header blocks in the output in minimal view.
|
|
-M Include all format header blocks in the output in minimal view.
|
|
-d Convert time values into human-readable format.
|
|
-D <fmt> Like -d, but specify format for time (see strftime(3) for syntax).
|
|
-F <ofs> Sets a different output field separator character.
|
|
-h Show help.
|
|
-n Print all fields *except* those specified.
|
|
-u Like -d, but print timestamps in UTC instead of local time.
|
|
-U <fmt> Like -D, but print timestamps in UTC instead of local time.
|
|
|
|
For time conversion option -d or -u, the format string can be specified by
|
|
setting an environment variable ZEEK_CUT_TIMEFMT.
|
|
|