See https://github.com/ntop/ntopng/commit/78d505f4ba85e3714532b7560c78c579df4482af
Regards Luca

> On 28 Apr 2015, at 23:41, Karl Austin <[email protected]> wrote:
>
> Replying to myself. Looking at the _source for the insert into Elasticsearch
> I see:
>
> {"IPV4_SRC_ADDR":"<src_ip>","L4_SRC_PORT":57305,"IPV4_DST_ADDR":"<dst_ip>","L4_DST_PORT":80,"PROTOCOL":6,"L7_PROTO":7,"TCP_FLAGS":27,"IN_PKTS":5,"IN_BYTES":950,"OUT_PKTS":5,"OUT_BYTES":1462,"FIRST_SWITCHED":1430234839,"LAST_SWITCHED":1430234839,"json":"{ \"16\": \"65000\", \"17\": \"65001\", \"42\": \"135243\" }","CLIENT_NW_LATENCY_MS":0,"SERVER_NW_LATENCY_MS":0,"@timestamp":"2015-04-28T15:31:22.697Z","@version":1,"type":"flows"}
>
> As you can see, the json field is inserted as a string, not as an object,
> which to my mind is incorrect. As it means the json field, which contains
> the SRC_AS and DST_AS, cannot be easily utilised inside Kibana as it is just
> treated as a string, so I can't match on json.16 or json.17 (be nice if it
> put SRC_AS, DST_AS instead).
>
> Surely it would make much more sense for json to be set as:
>
> "json":{ "16": "65000", "17": "65001", "42": "135243" }
>
> I appreciate I may have missed some discussion in the past re: this. Is this
> something that can be fixed?
>
> Thanks,
>
> --
> Karl Austin
> KDA Web Services Ltd.
> Virtual, Dedicated,
> Colocation and more
>
> W: http://www.kdawebservices.com
> E: [email protected]
>
> T: 0207 183 20 30
> F: 0870 762 02 50
> D: 0207 183 20 31
>
> Twitter: kdaweb
> Facebook: KDA Web Services
>
> Registered in England: 4114724
> Midcity House, 17-21 Furnival Gate
> Sheffield, South Yorkshire
> S1 4QR, England
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
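For flow documents that already carry the string-encoded `json` field described in the quoted message, one way to reshape them into a nested object before indexing. This is an added example, not ntopng code or part of the thread; `expand_json_field`, `ELEMENT_NAMES` and the sample address are assumptions, and the 16/17 naming follows the SRC_AS/DST_AS remark in the message.

```python
import json

# Element IDs named in the thread (16 = SRC_AS, 17 = DST_AS).
# Other IDs are left as numeric keys; this map is an assumption of the example.
ELEMENT_NAMES = {"16": "SRC_AS", "17": "DST_AS"}


def expand_json_field(doc, field="json"):
    """Return a copy of doc with the string-encoded `field` as a nested object.

    Malformed or non-object payloads are kept verbatim under `<field>_raw`,
    so nothing is lost and `field` is only ever indexed as an object.
    """
    out = dict(doc)
    raw = out.pop(field, None)
    if raw is None:
        return out
    if isinstance(raw, dict):  # exporter already emits an object
        parsed = raw
    else:
        try:
            parsed = json.loads(raw)
        except (TypeError, ValueError):
            parsed = None
    if not isinstance(parsed, dict):
        out[field + "_raw"] = raw
        return out
    nested = {}
    for key, value in parsed.items():
        # Values arrive as strings; store integers so range queries work
        if isinstance(value, str) and value.isascii() and value.isdigit():
            value = int(value)
        nested[ELEMENT_NAMES.get(key, key)] = value
    out[field] = nested
    return out


# Constructed sample, trimmed from the document quoted in the thread
SAMPLE = {
    "IPV4_SRC_ADDR": "192.0.2.10", "L4_DST_PORT": 80, "PROTOCOL": 6,
    "json": "{ \"16\": \"65000\", \"17\": \"65001\", \"42\": \"135243\" }",
    "type": "flows",
}

if __name__ == "__main__":
    print(json.dumps(expand_json_field(SAMPLE), indent=2))
```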
