
Correct format of Netwitness REST API

Question asked by RSA Admin Employee on Jan 28, 2014
Latest reply on Feb 7, 2014 by RSA Admin

Hi, I am using a NetWitness Decoder for log aggregation and trying to fetch data via the REST interface for some internal reporting purposes.

I am trying to generate a values query, but I have stumbled on forming the query in 2 formats.

 

Format 1

http://IP:PORT/sdk?msg=values&id1=0&id2=0&size=200&flags=sort-total,order-descending&fieldName=ip.dst&where+event.type='XYZ'

 

Format 2

http://IP:PORT/sdk?msg=values&id1=0&id2=0&size=200&flags=sort-total,order-descending&fieldName=ip.dst&where=event.type='XYZ'

 

In format 1 we have where followed by +, and in format 2 we have where followed by =.

These two queries give different results. What is the correct format? Should we use + after where or = after where?

 

Regards

DJ
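
How a standard URL query-string parser splits the two formats from the question, as an added example that is not part of the original post and is not NetWitness code. It assumes the REST service decodes the query string in the usual form-encoded way (`+` read as a space, the first `=` separating name from value); the host, port and helper names are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed base URL; the question uses the placeholder IP:PORT.
BASE = "http://192.0.2.10:8080/sdk"
COMMON = ("msg=values&id1=0&id2=0&size=200"
          "&flags=sort-total,order-descending&fieldName=ip.dst")
FORMAT_1 = f"{BASE}?{COMMON}&where+event.type='XYZ'"
FORMAT_2 = f"{BASE}?{COMMON}&where=event.type='XYZ'"

# Parameter names that appear in the question's URLs.
KNOWN = {"msg", "id1", "id2", "size", "flags", "fieldName", "where"}


def query_params(url):
    """Decode the query string the way a form-encoded parser would."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def unexpected_params(url):
    """Names the parser produced that are not among the question's parameters."""
    return sorted(set(query_params(url)) - KNOWN)


def build_values_url(base, field_name, where, size=200):
    """Hypothetical helper: build the values query with every value encoded."""
    params = {
        "msg": "values", "id1": 0, "id2": 0, "size": size,
        "flags": "sort-total,order-descending",
        "fieldName": field_name,
        "where": where,  # '=' and quotes inside the filter get percent-encoded
    }
    return f"{base}?{urlencode(params)}"


if __name__ == "__main__":
    for label, url in (("Format 1", FORMAT_1), ("Format 2", FORMAT_2)):
        params = query_params(url)
        # Format 1: no 'where' key; the '+' becomes part of the parameter name.
        # Format 2: 'where' carries the whole filter expression.
        print(label, "where =", repr(params.get("where")),
              "| unexpected names:", unexpected_params(url))
    print(build_values_url(BASE, "ip.dst", "event.type='XYZ'"))
```

Under that assumption, only format 2 delivers a parameter named `where`; in format 1 the filter arrives as a parameter named `where event.type`, which is consistent with the two URLs returning different results.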
