Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Servers
RSA Version/Condition: 10.4.x, 10.5.x
O/S Version: EL6
Resolution:
To begin, log in to the REST API of the device you would like to query.
Execute your query in the where clause.
For example, to extract data collected from a device with IP address 192.168.10.11 between March 4th 2015 at 8:15 AM and March 6th 2015 at 8:20 AM, use the following syntax in the where clause:
ip.src="192.168.10.11" && time="2015-Mar-4 8:15"-"2015-Mar-6 8:20"
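
When the IP address or time window comes from a ticket or a script rather than being typed by hand, the clause can be built and validated before it is pasted into the where field. The following is an added example, not RSA code; the helper names `build_where` and `_fmt` are hypothetical, and it generalizes the single case above to any IPv4 source address and time range.

```python
import ipaddress
from datetime import datetime

# English month abbreviations, spelled out so the result does not depend on locale.
_MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
           "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def _fmt(ts: datetime) -> str:
    """Format a timestamp the way the example above writes it: 2015-Mar-4 8:15."""
    return f"{ts.year}-{_MONTHS[ts.month - 1]}-{ts.day} {ts.hour}:{ts.minute:02d}"


def build_where(src_ip: str, start: datetime, end: datetime) -> str:
    """Return a where clause for one IPv4 source address and one time window."""
    # IPv4Address accepts only a literal dotted-quad address, so quotes or
    # operators in untrusted input are rejected before reaching the query.
    ip = ipaddress.IPv4Address(src_ip)
    if end < start:
        raise ValueError("end of time window precedes its start")
    return f'ip.src="{ip}" && time="{_fmt(start)}"-"{_fmt(end)}"'


def is_rejected(src_ip: str) -> bool:
    """True when src_ip is not a plain IPv4 literal and must not be queried."""
    try:
        build_where(src_ip, datetime(2015, 3, 4, 8, 15), datetime(2015, 3, 6, 8, 20))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample input matching the example on this page.
    print(build_where("192.168.10.11",
                      datetime(2015, 3, 4, 8, 15),
                      datetime(2015, 3, 6, 8, 20)))
```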