I believe the eth_type is logged as little-endian while the value is big-endian. Maybe it can be handled in line 764 in output-json.c with the SCNtohs func call. Also, it may make more sense to log the ether type in HEX instead of decimal.
Subject changed from Ether_type is printed as decimal instead of HEX and it should be handled as BigEndian to eve: ether_type is printed as decimal instead of HEX and it should be handled as BigEndian
Subject changed from eve: ether_type is printed as decimal instead of HEX and it should be handled as BigEndian to anomaly/ether_type: always logged as big endian