Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 11754] Add JSON as an output format

Wireshark-bugs: [Wireshark-bugs] [Bug 11754] Add JSON as an output format

Date: Mon, 27 Jun 2016 15:01:05 +0000

Comment # 21 on bug 11754 from Thomas Baudelet

Hi Martin,

Thanks for your work! I haven't tried it yet, only seen your screenshots on
https://sites.google.com/site/h21lab/tools/tshark_elasticsearch

Two questions:
* How does your -j JSON filter work? I see "dns text" which is not display
filter logic
-> Does the space make an OR?
-> Can you specify all display filter like "ip.src" for ex?

* Why do keys change between JSON and EK output, with underscores and the layer
name.
dns.id changes to dns_dns_id

I don't get the 2nd version with underscores, it would be much easier to set
the keys in Elastic Search with exact Wireshark field name (dns.id), or there's
a limitation in EK?

Thanks,
Thomas

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 12563] Wireshark crashes when using "Export Packet Bytes"
Next by Date: [Wireshark-bugs] [Bug 11754] Add JSON as an output format
Previous by thread: [Wireshark-bugs] [Bug 11754] Add JSON as an output format
Next by thread: [Wireshark-bugs] [Bug 11754] Add JSON as an output format
Index(es):
- Date
- Thread