Read from pcap file VS Not read from pcap file

hyhong · August 22, 2019, 9:13am

First,I use follow command read data to es:
./packetbeat -e -c packetbeat-redis.yml

Second,I use follow command generate a trace.pcap file,and read from trace.pcap to es.
./packetbeat -c packetbeat-redis.yml -dump trace.pcap -d "publish"

But,first loss some data,second is not loss.By reason first is should the same as second.

system · September 19, 2019, 9:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Reading packets from pcap file Beats packetbeat	5	8324	July 5, 2017
Why packetbeat generates result of "libbeat.publisher.published_events" changing every time Beats packetbeat	10	1961	February 16, 2017
Packetbeat to analysi offline packet captures Beats	3	2813	April 17, 2017
Use JSON as input for Packetbeat Beats packetbeat	2	360	May 24, 2023
Packetbeat create pcap file and ingest data Elasticsearch	2	1757	April 8, 2021

Read from pcap file VS Not read from pcap file

Related topics