https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16656

--- Comment #9 from Santiago Ciciliani <santiago.cicili...@gmail.com> ---
(In reply to Guy Harris from comment #6)
> (In reply to Guy Harris from comment #5)
> > (In reply to Guy Harris from comment #4)
> > > What's an example of the format you want?  Show an example with two packets.
> > 
> > In particular, is it just "ek without the index rows", in which case
> > "ek-noindices" might be the right name to use as the -T argument.
> 
> Your comment in the ask.wireshark.org question
> 
> > Well as you may know the regular json output returns an array of json objects.
> > Therefore in order to parse that array it has to be completed (with the
> > trailing ]) which is added once the capture is completed (pressing ctrl-c
> > for example)
> > 
> > For continuous captures such as real time streaming I can't parse the array
> > because it is never completed (unless I do some hack), therefore one json
> > row for each packet is the more portable way to retrieve this data.
> 
> so that's at least similar to "ek without the index rows".
> 
> Would that suffice?

Yes, Elasticsearch loads NDJSON format but requires the index definition before
each record as explained here:
https://stackoverflow.com/questions/33340153/elasticsearch-bulk-index-json-data

In fact, the index definition may not be required; that is why the first
suggestion was to add a flag for it.

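An added example, not part of the bug thread or of Wireshark's code: a stream filter that consumes "-T ek" style output line by line and drops the Elasticsearch bulk index rows, leaving one JSON object per packet, and a check showing why an unterminated "-T json" array cannot be parsed mid-capture. The sample lines and their field names are constructed for illustration.

```python
import io
import json
import sys

BULK_ACTIONS = ("index", "create", "update", "delete")

def is_bulk_action(obj):
    """True for an Elasticsearch bulk action row such as {"index": {...}}."""
    if not isinstance(obj, dict) or len(obj) != 1:
        return False
    key, value = next(iter(obj.items()))
    return key in BULK_ACTIONS and isinstance(value, dict)

def packets(stream):
    """Yield one dict per packet from an ek-style NDJSON stream as lines arrive."""
    for line in stream:
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial final line, e.g. capture interrupted mid-write
        if not is_bulk_action(obj):
            yield obj

def array_parses(text):
    """Whether text is a complete JSON document (the -T json case)."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False

# Constructed sample: two packets with index rows, then a truncated third row.
EK_SAMPLE = (
    '{"index":{"_index":"packets-2020-06-01","_type":"doc"}}\n'
    '{"timestamp":"1591000000000","layers":{"frame":{"frame_number":"1"}}}\n'
    '{"index":{"_index":"packets-2020-06-01","_type":"doc"}}\n'
    '{"timestamp":"1591000000100","layers":{"frame":{"frame_number":"2"}}}\n'
    '{"index":{"_index":"packets-2020-06-01","_type":"doc"}}\n'
    '{"timestamp":"15910'
)
# Constructed sample: a JSON array still missing its trailing "]".
UNTERMINATED_ARRAY = '[\n{"_source":{"layers":{}}},\n{"_source":{"layers":{}}}\n'

if __name__ == "__main__":
    # Typical use: tshark -l -T ek | python this_script.py
    for pkt in packets(sys.stdin):
        print(json.dumps(pkt), flush=True)
```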