I am trying to find a method where I can remove unneeded data from our archivers.
Idea:
- Run nwconsole (sdk content command) on all Archivers and output sessionid list that match where clause device.type = 'unknown'
- Feed that sessionid list to wipe SDK command on archivers to clear meta, session, raw for those sessionids on all attached DAC storage.
Has anyone done anything similar to this in the past and can provide me a way in NwConsole to export sessionids?
Kevin,
You can use the nwget-logs.py script which uses sessionids to pull raw logs, you can modify that script to output a text file with the sessionids. I provided the script some time ago -- let me know if you need it again and I'll email it to you. However, I have not been able to get the 'wipe' REST call to work for meta or raw (packets/logs) and I have an open engineering case on the functionality. I'll let you know once I make progress on that case. If you try to send a valid sessionid to the Log Decoder or Concentrator 'database' -> 'wipe' -> using meta (m) or raw (p), it doesn't seem to remove that session.