When extracting json from wireshark. I get multiple 'asterix' entries in the json data. However when loading into python only the second asterix packet is loaded. Example json data below with ... replacing excess lines.
[
{
"_index": "packets-2021-07-02",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame": { ...
},
"eth": { ...
},
"ip": { ...
},
"udp": { ...
},
"asterix": {
"asterix.category": "48",
"asterix.length": "54",
"asterix.message": { ...
}
},
"asterix": {
"asterix.category": "34",
"asterix.length": "20",
"asterix.message": { ...
}
}
}
}
]
using the code below to import into python
import json
data=json.load(open(r'C:\Users\cjtlo\Documents\json_2packet.json'))
print(data)
This results in data without the category 48 asterix in the print of data.
[
{
"_index": "packets-2021-07-02",
"_type": "doc",
"_score": null,
"_source": {
"layers": {
"frame": { ...
},
"eth": { ...
},
"ip": { ...
},
"udp": { ...
},
"asterix": {
"asterix.category": "34",
"asterix.length": "20",
"asterix.message": { ...
}
}
}
}
]
If I manually remove the category 34 data then the category 48 exists. Is this to do with them both having the same name 'asterix'? Any help much appreciated.
