The ek format (jsonnl) from tshark is great for capturing into some Big Data environment. Unfortunately, as the format is designed for ElasticSearch, the index information is added before each row.
Well, yes, the ek format was, in fact, designed for ElasticSearch; that's why the index is there.
If -T json won't work for what you're doing, perhaps there should be another format, designed for whatever big data format you're using, rather than adding Yet Another Flag to say "yeah, I know, I asked for ek, but I didn't mean ElasticSearch".
In any case, the way to request an enhancement is to post a request on the Wireshark Bugzilla.
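As an added example (not part of the question or the answer above, and not Wireshark project code), here is a small Python filter for the layout the question describes: tshark's ek output is Elasticsearch bulk format, so every packet document is preceded by an action line such as `{"index": {...}}`. The filter drops those action lines and re-emits one packet per line, and it refuses to silently accept a stream where an action line is not followed by its document. The sample input and its field names are constructed for illustration, not captured from a real run.

```python
import json

# Constructed sample of tshark -T ek output: an Elasticsearch bulk action
# line precedes each packet document. Field names and values are made up.
SAMPLE_EK = """\
{"index":{"_index":"packets-2024-01-01","_type":"doc"}}
{"timestamp":"1704067200000","layers":{"frame":{"frame_frame_len":"74"},"ip":{"ip_ip_src":"10.0.0.1","ip_ip_dst":"10.0.0.2"}}}
{"index":{"_index":"packets-2024-01-01","_type":"doc"}}
{"timestamp":"1704067200120","layers":{"frame":{"frame_frame_len":"1514"},"ip":{"ip_ip_src":"10.0.0.2","ip_ip_dst":"10.0.0.1"}}}
"""

# The action verbs the Elasticsearch bulk API recognises.
BULK_ACTIONS = {"index", "create", "update", "delete"}


def is_bulk_action(obj):
    """True for a bulk action line such as {"index": {...}}: a single-key object
    whose key is one of the bulk verbs. Packet documents never look like this."""
    return isinstance(obj, dict) and len(obj) == 1 and next(iter(obj)) in BULK_ACTIONS


def iter_documents(lines):
    """Yield only the packet documents from ek output, skipping action lines.

    Blank lines are ignored. An action line that is not followed by a document
    (two actions in a row, or an action at end of input) raises ValueError so a
    truncated or corrupted stream does not pass through unnoticed."""
    expect_doc = False
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        obj = json.loads(line)  # malformed JSON raises rather than being dropped
        if is_bulk_action(obj):
            if expect_doc:
                raise ValueError(f"line {lineno}: consecutive action lines; packet document missing")
            expect_doc = True
            continue
        expect_doc = False
        yield obj
    if expect_doc:
        raise ValueError("input ends after an action line; packet document missing")


def documents(text):
    """Return the packet documents of an ek dump as a list of dicts."""
    return list(iter_documents(text.splitlines()))


def ek_to_jsonl(text):
    """Re-serialise ek output as plain newline-delimited JSON, one packet per line,
    which is what most non-Elasticsearch ingestion pipelines expect."""
    return "\n".join(json.dumps(doc, separators=(",", ":")) for doc in documents(text))


def is_well_formed(text):
    """True if the ek stream alternates action/document lines cleanly and parses."""
    try:
        documents(text)
        return True
    except (ValueError, json.JSONDecodeError):
        return False


if __name__ == "__main__":
    # Typical use: pipe `tshark -T ek` output through this script.
    print(ek_to_jsonl(SAMPLE_EK))
```

Reading from stdin instead of the embedded sample only requires replacing `SAMPLE_EK` with `sys.stdin.read()`; the structural check matters more than the stripping itself, because a dropped line in bulk format shifts every following document under the wrong action header.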