This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

RestAPI filter time

Go to solution
Anonymous
Not applicable

‎2014-01-14 03:26 AM

Hy,

 

I would like to get data from RSA SA using the Rest API on a continious maner.

I assume that requesting data every second with a filter time windows of let's a day will return the data continiously but it does not seem to be the case. (time frame from A = day 0:0:0 to B = day 23:59:59)

 

the purpose is to update a map every time an event appears.

 

Also I would like to have a bit of information regarding the size parameter which seems to be mandatory.

 

Thanks for your help

 

Guillaume

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Anonymous
Not applicable

‎2014-01-16 12:06 AM

An old example I've used is similar to this:

 

curl -u "admin:netwitness" "http://192.168.0.50:50105/sdk?msg=query&query=select+alias.host,time+where+alias.host+exists%20%26%26%20time=%222012-Sep-11%2000:00:00%22-%222012-Sep-11%2005:00:00%22&size=1000000&force-content-type=text/plain"

 

The where clause is passed to the concentrator or broker and the %20%26%26%20 is basically the equivalent to [space]&&[space].  If you have multiple &&'s that you wanted to link together, you could do so as well using the hex encoding above.

 

The date and time had to be enclosed in quotes and spaces and other special characters hex encoded.  The date format is important as is the dash ( - ) between the %22 values.  This is establishing the range between the start and end dates.  As for the content type at the end, text/plain is on option.  application/json, text/xml are also options. 

View solution in original post

0 Likes
1 REPLY 1

Go to solution
Anonymous
Not applicable

‎2014-01-16 12:06 AM

An old example I've used is similar to this:

 

curl -u "admin:netwitness" "http://192.168.0.50:50105/sdk?msg=query&query=select+alias.host,time+where+alias.host+exists%20%26%26%20time=%222012-Sep-11%2000:00:00%22-%222012-Sep-11%2005:00:00%22&size=1000000&force-content-type=text/plain"

 

The where clause is passed to the concentrator or broker and the %20%26%26%20 is basically the equivalent to [space]&&[space].  If you have multiple &&'s that you wanted to link together, you could do so as well using the hex encoding above.

 

The date and time had to be enclosed in quotes and spaces and other special characters hex encoded.  The date format is important as is the dash ( - ) between the %22 values.  This is establishing the range between the start and end dates.  As for the content type at the end, text/plain is on option.  application/json, text/xml are also options. 

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.