I'm running packetbeat with my own pcap file.
I have noticed that when I run it without options (just -I file.pcap) it works ok, with the corresponding delays.
When I use -t flag (TopSpeed), i don't see any packet in the console output. However, if besides that, I use the flag -O and i press Enter key until the end of file, the console shows the read packets correctly.
Is it a bug in the output system?
It happens in packetbeat 1.3.1 and 5.1.2
Try using the -waitstop <seconds> option to allow Packetbeat to process the data before stopping. For example:
./packetbeat -e -v -waitstop 10 -t -I dns-tunnel-iodine-timeshifted.pcap
Example from https://github.com/elastic/examples/tree/master/packetbeat_dns_tunnel_detection
Thank you! That's the solution.
I supose the "Top Speed" option speeds up the main thread too much for the output 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.