 | 1 | initial version |
Is there any method of pruning the tshark tmp file after the data has been sent to elasticsearch?
No. There is, at best, a method for discarding packets once more than a certain number have been written - the ring buffer option mentioned by @Jaap.
See bug 2743.
