000034244 - How to find the number of unique values indexed for a specific meta key in RSA NetWitness

Document created by RSA Customer Support Employee on Oct 24, 2016Last modified by RSA Customer Support on May 7, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000034244
Applies ToRSA Product Set: Security Analytics, NetWitness Logs & Network
RSA Product/Service Type: Security Analytics Server, Concentrator
RSA Version/Condition: 10.5.x, 10.6.x, 11.x
Platform: CentOS
O/S Version: 6, 7

TasksThe following steps will provide important information regarding the meta key (eg. size consumed, number of unique values, etc.)

From the RSA NetWitness UI, follow the steps below:

1. Navigate to Administration -> Services -> Concentrator -> View -> Explore

2. From the panel on the left-hand side of the page: right click on the "
index" directory and choose the option "Properties."

3. Choose "
inspect" from the first drop-down menu, and in the "Parameters" box next to it, type in the meta key in question, and press "Send." "key=reference.id" is the parameter used in this specific example below. You can replace the "reference.id" with the meta key of your choice.

4. Part of the output that you receive should be similar to the output below:



  • Information about the values in Steps 3 and 4 can be found here: Appendix B: Index Inspect
  • The screenshots and outputs are taken from an 11.x environment but are very similar in a 10.6.x environment, with the order of the output slightly modified