Getting logs from NetWitness in reverse order

Discussion created by RSA Admin Employee on Jun 26, 2013

Hi All, I have been playing with NW lately and have a question on retrieving the logs in reverse order.

Say I execute a query to get session IDs from time A to time B. I get session IDs starting from Time A to Time B. I get the first session ID for Time A. Rather, is there a parameter in the query by specifying which I can get the first session ID for Time B, descending to Time A?

I can use the descending order flag. It will only reverse the output (100 results in descending order if size is 100). But if there are, say, more than 1,000,000 logs, specifying the size as 1,000,000 makes the query slower.

And when we fetch logs for the last 30 minutes, getting the recent log makes more sense than getting the log from 30 minutes ago.

Can this be achieved in any way?

Regards

DJ
