Ask Your Question
0

Deduplication in tshark -T ek [closed]

asked 2017-11-22 21:10:48 +0000

chris_toph gravatar image

Hi folks,

I'm trying to import a network dump, which I created via tshark -i en1 -T ek > packets.json to elasticsearch.

Using the bulk importer of ElasticSarch, the import fails, because there are duplicate names of the fields. I think, since version 6.0 elasticsearch is more strictly when it comes to checking for duplicates.

So, my question is, why there are some duplicate names for fields, like ip_ip_addr or ip_text. In my understanding they should have unique names, so that you can import those data into ElasticSearch.

Thank you for your help and BR Christoph

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by chris_toph
close date 2017-11-22 21:44:46.057515

add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2017-11-22 21:43:34 +0000

Uli gravatar image

There was a bug report for this issue.

It is fixed with current master version (2.5.X).

edit flag offensive delete link more
add a comment

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2017-11-22 21:10:48 +0000

Seen: 1,083 times

Last updated: Nov 22 '17

Related questions

filtering out protocol, sequence number, and ack using tshark

Using tshark filters to extract only interesting traffic from 12GB trace

Any way to use cmd tshark for a gns3 wire?

authority RRs tshark

can I install only tshark?

How do I change the interface on Tshark?

Tshark TCP stream assembly

Tshark output file problem, saving to csv or txt

How to convert Pcapng file to pcap file by Tshark

how to save a special values in tshark