Hi. I'm using elasticsearch 7.11 and I would like to ingest a pcap file into elasticsearch and kibana. What would be the best way to do this
I tried using the analyzing network packets guide(Analyzing network packets with Wireshark, Elasticsearch, and Kibana | Elastic) but it wouldn't work because the guide is for older versions of elasticsearch.
tshark would be the best way to move with pcap files
The json generated may be not necessary ready to be bulked into ES latest versions, but i suggest you use logstash to clean the json before ingest it to ES.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.