Search Command

Document created by RSA Information Design and Development on Apr 10, 2019Last modified by RSA Information Design and Development on Jan 31, 2020
Version 5Show Document
  • View in full screen mode

The search command is used to perform a content search on a session, returning any hits found in a query response. It is equivalent to the standard SDK NwSearch function.

An example search string is:

select hit, pretext, posttext where keyword=’netwitness’ sp ci ds

The optional parameters at the end of the string have the following meanings:

  • sp = Search Packets

  • ci = Case Insensitive

  • ds = Decode Sessions (e.g., convert email attachments before searching)

To do a regular expression search, change keyword to regex.

You are here
Table of Contents > Search Command