Reading packet from a lot of .pcap file?

wangyufeng0615 · January 31, 2018, 6:59am

Hello everyone,

I have a lot of .pcap file in one folder (~10,000). I want import this data to elasticsearch.

As I know, flag "-I" can import just one .pcap file at one time.

Is there any way I can do this? Thanks a lot!

pierhugues · January 31, 2018, 4:06pm

@wangyufeng0615 Not out of the box, we mostly use -I for development purpose, but you can write a simple shell script to loop through all the files.

Also make sure you use -t, so packetbeat read the file as fast as possible.

  -t, --t                    Read packets as fast as possible, without sleeping

wangyufeng0615 · February 1, 2018, 5:04am

Thank you for you advice! @pierhugues
I will try to write a shell script.

system · March 1, 2018, 5:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Import large PCAP with Packetbeat Beats	4	1551	November 14, 2019
Reading packets from pcap file Beats packetbeat	5	8323	July 5, 2017
Loading a pcap file Beats packetbeat	3	2587	February 13, 2017
Packetbeat input from pcap -> all sniffed field on ELK Beats packetbeat	6	2061	October 4, 2018
Packetbeat to analysi offline packet captures Beats	3	2813	April 17, 2017

Reading packet from a lot of .pcap file?

Related topics