Wireshark-bugs: [Wireshark-bugs] [Bug 11754] Add JSON as an output format
Date: Mon, 27 Jun 2016 15:01:05 +0000

Comment # 21 on bug 11754 from
Hi Martin,

Thanks for your work! I haven't tried it yet; I have only seen your screenshots at
https://sites.google.com/site/h21lab/tools/tshark_elasticsearch

Two questions:
* How does your -j JSON filter work? I see "dns text", which is not display
filter logic.
-> Does the space act as an OR?
-> Can you specify any display filter, like "ip.src", for example?

* Why do the keys change between the JSON and EK output, with underscores and the
layer name?
dns.id changes to dns_dns_id

I don't get the second version with underscores; it would be much easier to set
the keys in Elasticsearch with the exact Wireshark field name (dns.id), or is
there a limitation in EK?

Thanks,
Thomas
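The key rewrite the message asks about, as an added example that is not part of the original thread or of Martin's tshark patch: the only mapping the page shows is dns.id becoming dns_dns_id, so the rule below (prefix the layer name, replace every dot in the field name with an underscore) is an assumption generalised from that single example. The packet record is constructed to resemble a tshark -T json "layers" object; the field values are made up.

```python
import json

# Constructed sample shaped like one record of `tshark -T json` output:
# a "layers" dict keyed by protocol, with dotted Wireshark field names.
# Values are made up for illustration, not real capture data.
SAMPLE_JSON_PACKET = {
    "_index": "packets-2016-06-27",
    "_type": "pcap_file",
    "_score": None,
    "_source": {
        "layers": {
            "frame": {"frame.number": "1", "frame.len": "73"},
            "ip": {"ip.src": "192.0.2.10", "ip.dst": "192.0.2.53"},
            "udp": {"udp.srcport": "53001", "udp.dstport": "53"},
            "dns": {
                "dns.id": "0x1a2b",
                "dns.flags": "0x0100",
                "dns.flags.response": "0",
                "dns.qry.name": "example.com",
            },
        }
    },
}


def ek_key(layer: str, field: str) -> str:
    """Map a dotted Wireshark field name to a flattened EK-style key.

    Assumed rule, generalised from the page's one example
    (dns.id -> dns_dns_id): prefix the layer name, then replace each
    dot in the field name with an underscore.
    """
    return f"{layer}_{field.replace('.', '_')}"


def json_layers_to_ek(packet: dict) -> dict:
    """Rewrite a -T json style 'layers' object into EK-style keys."""
    ek_layers = {}
    for layer, fields in packet["_source"]["layers"].items():
        ek_layers[layer] = {ek_key(layer, f): v for f, v in fields.items()}
    return {"layers": ek_layers}


def field_name_from_ek_key(key: str) -> str:
    """Best-effort inverse: strip the layer prefix and restore dots.

    dns_dns_id -> dns.id works, but the mapping is lossy in general: a
    field whose own name already contains an underscore (for instance
    tcp.analysis.ack_rtt) cannot be told apart from a dotted one once
    both have been flattened, which is a practical cost of the
    underscore scheme the message questions.
    """
    _layer, _, rest = key.partition("_")
    return rest.replace("_", ".")


if __name__ == "__main__":
    print(json.dumps(json_layers_to_ek(SAMPLE_JSON_PACKET), indent=2))
```

Running the block prints the same record with dns.id rendered as dns_dns_id and dns.flags.response as dns_dns_flags_response. The inverse function shows why a consumer cannot simply reverse the rename to recover exact Wireshark field names, which is worth checking before building Elasticsearch mappings or Kibana queries on the EK keys.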

