Publishes events to a channel with a topic.
publish [topic:string]Description
Section titled “Description”The publish operator publishes events at a node in a channel with the
specified topic. All subscribe operators on that topic receive the
events immediately.
During shutdown, subscribe will wait for publish to drain all data before
shutting down itself. This prevents data loss, as long as pub/sub do not
form cycles and publish does not use dynamic topic names.
topic: string (optional)
Section titled “topic: string (optional)”An optional topic for publishing events under. If unspecified, the operator
publishes events to the topic main.
Examples
Section titled “Examples”Publish Zeek connection logs under the fixed topic zeek
Section titled “Publish Zeek connection logs under the fixed topic zeek”from_file "conn.log.gz" { decompress_gzip read_zeek_tsv}publish "zeek"Publish Suricata events under a dynamic topic depending on their event type
Section titled “Publish Suricata events under a dynamic topic depending on their event type”from_file "eve.json" { read_suricata}publish f"suricata.{event_type}"