This section describes process query feed hits.

Process Query Feed Hit – Example

2015-06-24 14:40:06 [10982] <warning>  reason=feed.query.hit type=event process_guid=0000000d-0000-564b-01d0-aeac18ce56e9 segment_id=1488563344023 host='stress03' comms_ip='' interface_ip='' sensor_id=13 feed_id=4 feed_name='bit9endpointvisibility' timestamp='1435171205.89' start_time='2015-06-24T18:32:16.752Z' group='Default Group' process_md5='ab611b1f6c952654665a4cda027581f4' process_sha256='a76b4c204d7e28f0e4dcbb6abc910dC3e7f820416ed744874cba74849067b71' process_name='cbquery' process_path='/usr/share/cb/cbquery' last_update='2015-06-24T18:32:17.345Z'

Process Query Feed Hit – Default Template

reason=feed.query.hit type=event 
process_guid={{doc['process_id']}} 
segment_id={{doc["segment_id"]}} 
host='{{doc['hostname']}}' 
comms_ip='{{doc['comms_ip']}}' 
interface_ip='{{doc['interface_ip']}}' 
sensor_id={{doc['sensor_id']}} 
feed_id={{doc['feed_id']}} 
feed_name='{{doc['feed_name']}}'
{% for k in doc['ioc_attr'] %} {{k}}='{{doc['ioc_attr'][k]}}'{% endfor %} 
timestamp='{{doc['event_timestamp']}}' 
start_time='{{doc['start']}}' 
group='{{doc['group']}}' 
process_md5='{{doc['process_md5']}}'
process_sha256='{{doc['process_sha256']}}'
process_name='{{doc['process_name']}}' 
process_path='{{doc['path']}}' 
last_update='{{doc['last_update']}}'
{% for k in doc %}{% if k.startswith("alliance_") %} {{k}}='{{doc[k]}}'{% endif %}{% endfor %}

Process Query Feed Hit – Key-Value Pairs

Key-value pairs for process query feed hits are a subset of those for process storage feed hits. See for descriptions.
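
The following parser for lines produced by the default template above is an added example, not part of the product documentation. It separates the fixed keys from the dynamic ioc_attr and alliance_ keys and flags hash fields of the wrong length. The sample line, the example_attr key and the alliance_score_examplefeed key are constructed for illustration.

```python
import re

# Constructed sample following the default template; every value is made up.
# "example_attr" is a hypothetical ioc_attr key; process_sha256 is deliberately
# one character short so the hash check below has something to flag.
SAMPLE = (
    "2015-06-24 14:40:06 [10982] <warning>  reason=feed.query.hit type=event "
    "process_guid=00000001-0000-0000-0000-000000000000 segment_id=1 "
    "host='host01' comms_ip='' interface_ip='' sensor_id=1 feed_id=4 "
    "feed_name='examplefeed' example_attr='two words' timestamp='1435171205.89' "
    "start_time='2015-06-24T18:32:16.752Z' group='Default Group' "
    "process_md5='" + "a" * 32 + "' process_sha256='" + "b" * 63 + "' "
    "process_name='cbquery' process_path='/usr/share/cb/cbquery' "
    "last_update='2015-06-24T18:32:17.345Z' alliance_score_examplefeed='50'"
)

HEADER = re.compile(r"^(\S+ \S+) \[(\d+)\] <(\w+)>\s+")
# key='quoted value' (may be empty or contain spaces) or key=bare_token
PAIR = re.compile(r"(\w+)=(?:'([^']*)'|(\S*))")
FIXED = set(
    "reason type process_guid segment_id host comms_ip interface_ip sensor_id "
    "feed_id feed_name timestamp start_time group process_md5 process_sha256 "
    "process_name process_path last_update".split()
)
HASH_LEN = {"process_md5": 32, "process_sha256": 64}


def parse_feed_query_hit(line):
    """Parse one feed.query.hit syslog line; return None for any other line."""
    header = HEADER.match(line)
    if not header:
        return None
    pairs = PAIR.findall(line[header.end():])
    fields = {key: quoted or bare for key, quoted, bare in pairs}
    if fields.get("reason") != "feed.query.hit":
        return None
    alliance = {k: v for k, v in fields.items() if k.startswith("alliance_")}
    ioc_attr = {k: v for k, v in fields.items() if k not in FIXED and k not in alliance}
    # Flag hash fields that are not hex of the expected length before pivoting on them.
    bad = [k for k, n in HASH_LEN.items()
           if not re.fullmatch(r"[0-9a-fA-F]{%d}" % n, fields.get(k, ""))]
    return {"logged_at": header.group(1), "pid": int(header.group(2)),
            "level": header.group(3), "fields": fields,
            "alliance": alliance, "ioc_attr": ioc_attr, "invalid_hashes": bad}


if __name__ == "__main__":
    print(parse_feed_query_hit(SAMPLE))
```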