Skip to main content
Version: v41

index_search

Search object for the search request. Attributes can be comma-separated strings (or in case of keyword, comma or space-separated). Individual attributes form a AND query and multiple values within an attribute form an OR query. E.g. search "dev 10.0" translates to WHERE (field1 like %dev% OR field2 like %dev%) AND (field1 like %10.0% OR field2 like %10.0%)

keywordsstring

Comma or space-separated strings to search across all connection attributes. The leading and trailing wildcards for the keywords are implicit.

protocolstring

Possible values: [SSH, RDP]

connection_idstring

defines the connection id to be searched for

channel_idstring

defines the channel id to be searched for

start_timestring<date-time>

defines the start time for search - abosulte timestamp in the connection

Example: 2017-01-01T15:05:05Z
end_timestring<date-time>

defines the end time for search - absolute timestamp in the connection

Example: 2017-01-01T15:05:05Z
start_positioninteger

specifies the start position to search for in milliseconds - relative to the start of connection

Example: 10
end_positioninteger

specifies the end position to search for in milliseconds - relative to the start of connection

Example: 100
index_search
{
  "keywords": "string",
  "protocol": "SSH",
  "connection_id": "string",
  "channel_id": "string",
  "start_time": "2017-01-01T15:05:05Z",
  "end_time": "2017-01-01T15:05:05Z",
  "start_position": 10,
  "end_position": 100
}