I have a JSON generated using Tshark -T ek command converting Wireshark PCAP file to JSON to be inserted to Elasticsearch.
The thing is I am having parse error exception on production side.
:exception=>#<LogStash::Json::ParserError: Unexpected character (':' (code 58)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
The weird thing is, I copied the same JSON file to be tested locally, with the Logstash config file, and it turns out fine without any exception. Any thoughts on what I might be gone wrong?
I have no clue on what is wrong because the JSON is generated using Tshark -T ek command
Anyone here encounter any problems with Tshark generated JSON?
Yes. Checked few times with jsonlint. Apparently, got problems with duplicated keys, but the weird things is that it process without any problems/exception on my side.
Many thousands of users are ingesting JSON with Logstash 24/7 we rarely find bugs in the JSON parser these days. The LS JSON parser is really a wrapper around the Jackson JSON processor. https://www.google.co.uk/search?q=jackson+json
Jackson is very widely used. For example, Elasticsearch uses it to parse the JSON in the REST API.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.