vast import

Synopsis


usage: import [<parameters>] <command>

imports data from STDIN or file

parameters:
  [-h | -? | --help] <boolean>      prints the help text
  [--documentation?] <boolean>      prints the Markdown-formatted documentation
  [-t | --table-slice-type] <atom>  table slice type
  [-b | --blocking] <boolean>       block until the IMPORTER forwarded all data
  [-n | --max-events] <uint64>      the maximum number of events to import

subcommands:
  zeek            imports Zeek logs from STDIN or file
  mrt             import MRT logs from STDIN or file
  bgpdump         imports BGPdump logs from STDIN or file
  csv             imports CSV logs from STDIN or file
  json            imports JSON with schema
  suricata        imports suricata eve json
  test            imports random data for testing or benchmarking
  pcap            imports PCAP logs from STDIN or file
  netflow-v5      imports Netflow v5 logs from STDIN or file
  netflow-v9      imports Netflow v9 logs from STDIN or file
  corelight-json  imports corelight json

Documentation

The import command ingests data. An optional filter expression allows for restricing the input to matching events. The format of the imported data must be explicitly specified:

vast import [options] <format> [options] [expr]

The import command is the dual to the export command.