Documentation #4352
open
Devguide: Debugging Basics - pcap_cnt
Added by Shivani Bhardwaj over 4 years ago.
Updated 2 days ago.
Description
What is pcap_cnt.
How to use it to correlate packet data with Wireshark.
jq commands to check/sort pcap_cnt for particular situations.
- Assignee changed from Shivani Bhardwaj to Juliana Fajardini Reichow
- Priority changed from Normal to Low
- Target version set to 8.0.0-beta1
- Assignee changed from Juliana Fajardini Reichow to OISF Dev
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
- Target version changed from 8.0.0-rc1 to 8.0.0
- Target version changed from 8.0.0 to 8.0.1
jq -s 'sort_by(.pcap_cnt)' < eve.json
Use this to sort EVE records by pcap_cnt
This will be more useful if included in the user guide -- eve-json-examples and eve-json-output?
- Target version changed from 8.0.1 to 8.0.2
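
A Python counterpart to the jq sort in the comment above, which also turns pcap_cnt values into a Wireshark display filter. This is an added example, not part of the ticket or the Suricata code base. The EVE records are constructed, the function names are hypothetical, and it assumes pcap_cnt is the packet number in the pcap file Suricata read, so it lines up with Wireshark's frame.number.

```python
import json

# Constructed EVE sample (not from a real capture); one JSON object per line.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:02.000000+0000","flow_id":1001,"pcap_cnt":12,"event_type":"alert","alert":{"signature":"EXAMPLE sig A"}}
{"timestamp":"2024-01-01T10:00:05.000000+0000","event_type":"stats","stats":{"uptime":5}}
{"timestamp":"2024-01-01T10:00:01.000000+0000","flow_id":1001,"pcap_cnt":4,"event_type":"http","http":{"hostname":"example.test"}}
not-json-partial-line
{"timestamp":"2024-01-01T10:00:03.000000+0000","flow_id":1002,"pcap_cnt":30,"event_type":"alert","alert":{"signature":"EXAMPLE sig B"}}
"""

def load_eve(text):
    """Parse line-delimited EVE JSON, skipping blank or truncated lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # e.g. a line cut off while the log was being written
    return records

def sort_by_pcap_cnt(records):
    """Order records by pcap_cnt; records without the field (stats etc.) are dropped."""
    with_cnt = [r for r in records if isinstance(r.get("pcap_cnt"), int)]
    return sorted(with_cnt, key=lambda r: r["pcap_cnt"])

def wireshark_filter(records, event_type=None):
    """Build a Wireshark display filter selecting the frames named by pcap_cnt."""
    nums = sorted({r["pcap_cnt"] for r in sort_by_pcap_cnt(records)
                   if event_type is None or r.get("event_type") == event_type})
    return " or ".join(f"frame.number == {n}" for n in nums)

if __name__ == "__main__":
    recs = load_eve(SAMPLE_EVE)
    for r in sort_by_pcap_cnt(recs):
        print(r["pcap_cnt"], r["event_type"], r.get("flow_id"))
    # Paste the printed expression into Wireshark's display filter bar.
    print(wireshark_filter(recs, "alert"))
```
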