trail_slice
Trail index object. Specifies the parameters that were indexed for a connection (per channel)
connection_typestring
defines the connection type
Possible values: [SSH, API]
connection_idstring
defines the connection id
channel_idstring
defines the channel id
protocolstring
Possible values: [SSH, RDP, HTTP]
timestampstring<date-time>
indicates the timestamp of the indexed content
Example:
2017-01-01T15:05:05Zpositioninteger
specifies the position relative to the start of playback in milliseconds
contentstring
the indexed connection data in textual format for a given time window
Example:
ls -ltrextra object
commandstring
SSH exec command
ptyboolean
defines if the searched SSH channel uses PTY
http_requeststring
API connection sanitized HTTP request headers
http_request_idstring
API connection HTTP request ID
http_responsestring
API connection sanitized HTTP response headers
http_response_timestampstring
API connection HTTP response timestamp
http_transportstring
API connection HTTP transport
Possible values: [tls, plaintext]
trail_slice
{
"connection_type": "SSH",
"connection_id": "string",
"channel_id": "string",
"protocol": "SSH",
"timestamp": "2017-01-01T15:05:05Z",
"position": 0,
"content": "ls -ltr",
"extra": {
"command": "string",
"pty": true,
"http_request": "string",
"http_request_id": "string",
"http_response": "string",
"http_response_timestamp": "string",
"http_transport": "tls"
}
}