Is it possible to geo-enrich Bro/Zeek logs that are currently in this format?
timestamp | uid | orig_ip | orig_p | resp_ip | resp_p | protocol | service | duration
If yes, then what is the easiest way to approach this?
If not, am I supposed to convert each entry into a JSON object, and then use GeoEnrichIP?
I was trying to use the LookupRecord processor as per the instructions here: https://community.cloudera.com/t5/Community-Articles/Geo-Enrich-NiFi-Provenance-Event-Data-using-Loo...
But I don't have a JSON object coming into it, so I don't know how to handle this. Could someone please help me out?