zeek-cut currently has ability to output "header blocks" in prefix to records. It would be helpful if there was an option that output a simple header row that contained only the corresponding field names, the target format supporting essentially CSV ready output.

Convoluted example of how we're achieving/using today with (for example) the Miller tool to postprocess:

$ zeek-cut -F, -c < 

The gist of it is:

• Look at url and domain attributes.
• If url, extract domain and add a domain attribute.
• Run similarity scorer on the domains using #734 (hides then commonly visited domains)
• Do some sort of analysis on the domains... either the ones that are not commonly visited or all of them... ideas would include something like:
  • VT or some other domain service l

I was wondering the benefit of using Modular File Management vs Single Config File Management? Why do you consider it easier to use multiple files and then compile? Trying to figure out what the best case is for my use case. Thanks. #

Right now a lot of the logging from the tasks does not get propagated back to the user, so we should make sure that all of the tasks are adding logs and errors to the results so that at minimum the data gets put into the worker-log.txt. Ideally we would store this info in datastore so that the clients could query it later (this part is in #115).