Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 11754] Add JSON as an output format

Wireshark-bugs: [Wireshark-bugs] [Bug 11754] Add JSON as an output format

Date: Mon, 13 Jun 2016 14:13:27 +0000

Comment # 8 on bug 11754 from Martin Kacer

Early draft.
https://code.wireshark.org/review/#/c/15869/

Added tshark output formats: json|ek.

json - json output
ek - json format for bulk upload to Elasticsearch. It can be used in following
way to upload data into Elasticsearch:

./tshark -T ek -r test.pcap > test.json
curl -XPUT http://elasticsearch:9200/_bulk --data-binary @test.json

Added value of this is that tshark could by used to output data into
Elasticsearch. So working as some monitoring probe. And in elasticsearch could
be done latter analytics or some packet history.

TODO:
- add index _timestamp
- maybe some configuration which fields to include for EK or what level of
information to include

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 12514] New: Decoding of URL parameters of HTTP GET requests
Next by Date: [Wireshark-bugs] [Bug 12515] New: 802.11 data frame missing LLC
Previous by thread: [Wireshark-bugs] [Bug 11754] Add JSON as an output format
Next by thread: [Wireshark-bugs] [Bug 11754] Add JSON as an output format
Index(es):
- Date
- Thread