NetWitness Nuggets - Using EPL Tryout

Video created by Lee Kirkpatrick on Feb 9, 2017

    Short video explaining how to use the EPL Tryout web page.

     

    EPL Statements

    // Declare the Event type with two string fields
    create schema Event(ip_src string, user_dst string);

    // Output every Event that arrives
    SELECT * FROM Event;

     

    Time and Event Sequence

    Event={ip_src='192.168.1.1', user_dst='Lee'}

    t=t.plus(5 seconds)

    Event={ip_src='192.168.1.1', user_dst='Lee'}