Revision history [back]
Yes, it's supposed to be readable by Elasticsearch. As the TShark man page says:
T ek|fields|json|jsonraw|pdml|ps|psml|tabs|text
Set the format of the output when viewing decoded packet data. The options are one of:ek Newline delimited JSON format for bulk import into Elasticsearch. ...
I.e., it was not designed, by the JSON/Elasticsearch people, for easy human readability, it was designed for easy readability by Elasticsearch. If that means that it's less human readable than intentionally human-readable text, that's life.
Yes, it's supposed to be readable by Elasticsearch. As the TShark man page says:
T ek|fields|json|jsonraw|pdml|ps|psml|tabs|text
Set the format of the output when viewing decoded packet data. The options are one of:ek Newline delimited JSON format for bulk import into Elasticsearch. ...
I.e., it was not designed, by the JSON/Elasticsearch people, for easy human readability, it was designed for easy readability by Elasticsearch. If that means that it's less human readable than intentionally human-readable text, that's life.