From 3d89b5a153c0349cf0343a040bc8d4dd18f6ee35 Mon Sep 17 00:00:00 2001
From: Jeff Bryner
Date: Mon, 4 May 2015 09:42:01 -0700
Subject: [PATCH] add more json examples, fix up existing ones

---
 docs/source/usage.rst | 68 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 64 insertions(+), 4 deletions(-)

diff --git a/docs/source/usage.rst b/docs/source/usage.rst
index 34c30e55..21ad500b 100644
--- a/docs/source/usage.rst
+++ b/docs/source/usage.rst
@@ -262,16 +262,17 @@ Examples
 
     {
         "timestamp": "2014-02-14T11:48:19.035762739-05:00",
-        "hostname": "fedbox",
+        "hostname": "somemachine.in.your.company.com",
         "processname": "/path/to/your/program.exe",
         "processid": 3380,
         "severity": "INFO",
         "summary": "joe login failed",
         "category": "authentication",
-        "source": "",
+        "source": "ldap",
         "tags": [
-            "MySystem",
-            "Authentication"
+            "ldap",
+            "adminAccess",
+            "failure"
         ],
         "details": {
             "user": "joe",
@@ -281,6 +282,65 @@ Examples
     }
 
 
+.. code-block:: javascript
+    {
+        "category": "netflow",
+        "tags": [
+            "netflow",
+            "network"
+        ],
+        "timestamp": "2015-05-04T16:36:52.336527+00:00",
+        "summary": "10.247.28.2:60469 --> 2.192.38.177:6824",
+        "details": {
+            "protocol": 6,
+            "destinationmask": 0,
+            "sourceipv4address": "10.247.28.2",
+            "nexthop": "0.0.0.0",
+            "unixnanoseconds": 0,
+            "site": "site1",
+            "tcpflags": 16,
+            "enginetype": 0,
+            "engineid": 0,
+            "uptime": 96215086,
+            "tos": 0,
+            "hostname": "fw1.site1.somewhere.net",
+            "version": 5,
+            "unixseconds": 1430757412,
+            "sourceport": 60469,
+            "destinationport": 6824,
+            "flowsequence": 93808622,
+            "octets": 1656,
+            "destinationipgeolocation": {
+                "city": "Beijing",
+                "region_code": "22",
+                "area_code": 0,
+                "time_zone": "Asia/Harbin",
+                "dma_code": 0,
+                "metro_code": null,
+                "country_code3": "CHN",
+                "latitude": 39.9289,
+                "postal_code": null,
+                "longitude": 116.38830000000002,
+                "country_code": "CN",
+                "country_name": "China",
+                "continent": "AS"
+            },
+            "samplinginterval": 100,
+            "sourceasn": 0,
+            "sourceipaddress": "10.247.28.2",
+            "count": 29,
+            "destinationipaddress": "2.192.38.177",
+            "last": 96205073,
+            "sourcemask": 21,
+            "packets": 4,
+            "destinationasn": 0,
+            "sitetype": "office",
+            "destinationipv4address": "2.192.38.177",
+            "first": 96161074
+        }
+    }
+
+
 
 Writing alerts
 --------------