000034244 - How to know the number of unique values indexed for a specific meta key in RSA Netwitness

Document created by RSA Customer Support Employee on Oct 24, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000034244
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.5.x, 10.6.x
Platform: Linux
O/S Version: CentOS
Product Name: Netwitness for Logs and Packets
 
IssueHow to get  information regarding the meta key (eg. size consumed, number of unique values ..etc)
Resolution

From SA GUI, Please follow the below steps:


1- Go to Administration -> Services -> concentrator -> view -> explore
2- From the Left panel: right click on "index"  and choose properties
3- Choose "Inspect" and from the Parameters put something like "key=reference.id"
User-added image
You can replace the "reference.id" with the needed meta key
4- The output should look like:
sessions:5748
summary2:851199
pages:1
session2:5967792
size:5934526
session1:5923468
summary1:851199
values:21
key:reference.id
packets:5748
pathname:/var/netwitness/concentrator/index/managed-values-29/reference.id.nwindex
summaries:1

 
NotesInformation about the values in step 4 can be  found in Index Inspect

Attachments

    Outcomes