NetwitnessQuery

Performs a query against the meta database.

Script Data


NameDescription
Script Typepython
TagsRSA NetWitness Packets & Logs

Dependencies


This script uses the following commands and scripts.

  • nw-sdk-query

Inputs


Argument NameDescription
id1The starting meta ID. To run the query from the most recent to the oldest meta, make ID1 larger than ID2. (uint64, optional)
id2The ending meta ID. (uint64, optional)
sizeThe maximum number of entries to return, or just stream back all results if zero. (uint32, optional)
queryThe query string to use. (string, optional)
flagsThe flags to use for the query. Can be, "number" (bitwise mask), or "comma-separated-values" like query-log. (string, optional)
thresholdQueries the optimization to stop processing results after the threshold is reached. This is useful with select aggregate functions. Zero means there is no threshold. The default is zero. (uint64, optional)

Outputs


There are no outputs for this script.