Article describing how to create/use a custom typing schema for Zeek NDJSON ingest

[philrz]

The JSON typing schema that will ship with the next Brim release is based on a "stock" Zeek v3.1.2 configuration. If a user has logs that were generated in a Zeek environment that has been customized at all, their set of log files & fields is likely to vary from what's defined in this schema. If they then attempt to ingest any Zeek NDJSON logs from the environment, they will experience warnings/errors and not all data will be ingested.

To get ahead of Support issues, we'll write an article for the wiki that describes how to use zq to customize the schema and use it in the app. In the article we'll encourage users to come talk to us on Slack if they're doing Zeek NDJSON ingest, since it will help us prioritize how much we invest in further improving the customization experience.

Perhaps we could also link to the article from the error/warning messages in the app.

[philrz]

brimdata/super#716 has a doc for the zq side, and after that's approved/merged, I'll write a corresponding doc for the Brim wiki.

[philrz]

#735 has the doc for the Brim wiki.