[Oisf-users] Fwd: Stream field in Alert Record in eve.json

[Michael Riggs]

Hey list,

I've dug around, but I cannot see the how/why the stream field is set
"stream":0
"stream":1

Is there documentation around the fields or can someone drop me how this is
determined?

Thanks!

Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180717/92be4c4b/attachment.html>