eve log configuration snippet:
 - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
      filename: alert.json
      types:
        - alert
        - http                # enable dumping of http fields
        - tls               # enable dumping of tls fields
#        - flow
        - smb
        - krb5
        - dhcp

bad pcap json output:
{"timestamp":"2018-06-27T13:13:30.985950-0400","flow_id":1126276886349493,"pcap_cnt":20,"event_type":"krb5","src_ip":"192.168.51.206","src_port":55284,"dest_ip":"192.169.160.131","dest_port":88,"proto":"TCP","krb5":{"msg_type":"KRB_ERROR","failed_request":"KRB_AS_REQ","error_code":"KDC_ERR_PREAUTH_REQUIRED","cname":"<empty>","realm":"<empty>","sname":"krbtgt\/dom.test.lo.com","encryption":"<none>","weak_encryption":false}}
{"timestamp":"2018-06-27T13:13:31.007010-0400","flow_id":1944747329068283,"pcap_cnt":33,"event_type":"krb5","src_ip":"192.168.51.206","src_port":55286,"dest_ip":"192.169.160.131","dest_port":88,"proto":"TCP","krb5":{"msg_type":"KRB_AS_REP","cname":"user01","realm":"dom.test.lo.com","sname":"krbtgt\/dom.test.lo.com","encryption":"rc4-hmac","weak_encryption":true}}

good pcap json output:
{"timestamp":"2018-06-27T12:21:59.941117-0400","flow_id":90858852928409,"pcap_cnt":55,"event_type":"krb5","src_ip":"192.168.51.206","src_port":56850,"dest_ip":"192.168.51.212","dest_port":88,"proto":"TCP","krb5":{"msg_type":"KRB_TGS_REP","cname":"jason","realm":"LOWHANGINGFRUIT.COM","sname":"http\/lowhangingfruit.com","encryption":"rc4-hmac","weak_encryption":true}}
{"timestamp":"2018-06-27T12:21:59.924705-0400","flow_id":1648394383071138,"pcap_cnt":37,"event_type":"krb5","src_ip":"192.168.51.206","src_port":56846,"dest_ip":"192.168.51.212","dest_port":88,"proto":"TCP","krb5":{"msg_type":"KRB_ERROR","failed_request":"KRB_AS_REQ","error_code":"KDC_ERR_PREAUTH_REQUIRED","cname":"<empty>","realm":"<empty>","sname":"krbtgt\/LOWHANGINGFRUIT.COM","encryption":"<none>","weak_encryption":false}}
{"timestamp":"2018-06-27T12:21:59.929675-0400","flow_id":1652483191941483,"pcap_cnt":46,"event_type":"krb5","src_ip":"192.168.51.206","src_port":56848,"dest_ip":"192.168.51.212","dest_port":88,"proto":"TCP","krb5":{"msg_type":"KRB_AS_REP","cname":"jason","realm":"LOWHANGINGFRUIT.COM","sname":"krbtgt\/LOWHANGINGFRUIT.COM","encryption":"rc4-hmac","weak_encryption":true}}