SDK Commands

All queries on the system are performed by commands sent to the /sdk node.

The /sdk node has built-in help documentation for each message. To view the help for each command, click on the asterisk (*) beside the sdk node and then choose one of the messages from the drop-down menu. The documentation for the message is displayed in the Output window at the bottom of the screen.

To access the help:

  1. From the root node tree page, click sdk. (For information on accessing the root node tree page, see Access the RESTful API in NetWitness Platform.)
  2. Click the asterisk (*) next to sdk.
    Information about the /sdk node is displayed.
  3. To find more specific information, select a property from the Properties for /sdk drop-down menu.
    The help for the property that you selected is displayed in the Output section.

SDK Commands Further Reference

This guide should be used in conjunction with the SDK documentation, which explains the format of queries and results. This document primarily focuses on how to send queries and parameters via the REST API, not how the queries themselves are formatted. The Core Database Tuning Guide explains those concepts in detail. Go to the Master Table of Contents for NetWitness Logs & Packets 11.x to find all NetWitness Platform 11.x documents. All metadata returned via REST is encoded as UTF-8.

There is another parameter specific to the REST API, called expiry. It sets the number of seconds to wait for a response before the system returns a timeout error. The default is 30 seconds, which is sufficient for most requests. For queries, the standard SDK sets an infinite timeout. Setting expiry to zero (&expiry=0) removes the timeout for that request. Consider setting a larger timeout for queries and other requests that may take longer than 30 seconds during normal operations.
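
The following is an added example, not taken from the NetWitness documentation. It shows one way to choose expiry per request and keep the HTTP client's own timeout consistent with it, so the client does not give up before the server does. The host name, the msg and query parameter names, and the 5-second slack are assumptions.

```python
from urllib.parse import urlencode, urlsplit

DEFAULT_EXPIRY = 30  # seconds: the REST default stated in the text above


def build_sdk_request(base_url, msg, params=None, expiry=None, slack=5):
    """Return (url, client_timeout) for one command sent to the /sdk node.

    expiry=None -> parameter omitted, so the 30-second default applies
    expiry=0    -> no server-side timeout, so the client must not time out either
    expiry=N    -> server times out after N seconds; the client waits N + slack
    """
    if urlsplit(base_url).scheme not in ("http", "https"):
        raise ValueError("base_url must start with http:// or https://")
    if expiry is not None and (
        isinstance(expiry, bool) or not isinstance(expiry, int) or expiry < 0
    ):
        raise ValueError("expiry must be a whole number of seconds >= 0")
    params = dict(params or {})
    if "expiry" in params or "msg" in params:
        raise ValueError("pass msg and expiry as arguments, not inside params")

    query = {"msg": msg, **params}  # 'msg' parameter name is an assumption
    if expiry is not None:
        query["expiry"] = expiry
    url = base_url.rstrip("/") + "/sdk?" + urlencode(query)

    if expiry == 0:
        client_timeout = None  # wait indefinitely, matching the server
    else:
        client_timeout = (DEFAULT_EXPIRY if expiry is None else expiry) + slack
    return url, client_timeout


if __name__ == "__main__":
    host = "https://concentrator.example.invalid"  # constructed host name
    for exp in (None, 600, 0):
        print(build_sdk_request(host, "query", {"query": "select service"}, exp))
```

Pass client_timeout as the read timeout of whichever HTTP client sends the request; None means the client waits indefinitely.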