Hortonworks Cybersecurity Platform

Query Filter Option

The query filter leverages Stellar and gives you more flexibility in defining the parameters used by the query. This filter option uses a binary regular expression that is run against the packet payload itself. Because the query filter option can produce a very large output, it splits the results into multiple files, each populated with the specified number of records and titled with a timestamp.

The query filter option is specified with the BYTEARRAY_MATCHER(pattern, data) Stellar function. The first argument is the regex pattern and the second argument is the data to match against. The raw packet data is exposed to Stellar as the packet variable, so a typical filter takes the form BYTEARRAY_MATCHER(pattern, packet).
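As an added illustration (not HCP or Metron code), the following Python emulates the behaviour described above: a regex pattern applied to raw packet bytes with a true/false result, and the matching records split into timestamp-titled output files of a fixed size. The latin-1 translation of the pattern into a bytes regex, DOTALL matching and the file-naming scheme are assumptions, and PACKETS is constructed sample data, not a real capture.

```python
import re
from datetime import datetime, timezone


def bytearray_matcher(pattern: str, data: bytes) -> bool:
    """Emulates BYTEARRAY_MATCHER: True if `pattern` matches anywhere in the raw bytes.
    The pattern is encoded as latin-1 so byte escapes such as \\x00 stay one-to-one
    with payload bytes (assumed behaviour, mirroring a string regex over bytes)."""
    regex = re.compile(pattern.encode("latin-1"), re.DOTALL)
    return regex.search(data) is not None


def query(pattern: str, packets):
    """Apply the filter to (epoch_seconds, raw_bytes) records and keep the matches."""
    return [(ts, raw) for ts, raw in packets if bytearray_matcher(pattern, raw)]


def chunk_output(matches, records_per_file: int):
    """Split matches into output files of at most records_per_file records each,
    titling every file with the UTC timestamp of its first record (assumed scheme)."""
    chunks = []
    for i in range(0, len(matches), records_per_file):
        part = matches[i:i + records_per_file]
        first_ts = datetime.fromtimestamp(part[0][0], tz=timezone.utc)
        chunks.append((first_ts.strftime("pcap-%Y%m%dT%H%M%S.pcap"), part))
    return chunks


# Constructed sample packets: (epoch seconds, payload bytes). Not real capture data.
PACKETS = [
    (1700000000, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # Minimal DNS query: id, flags, QDCOUNT=1, AN/NS/AR=0, name, QTYPE=A, QCLASS=IN
    (1700000001, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                 b"\x07example\x04test\x00\x00\x01\x00\x01"),
    (1700000002, b"POST /api HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (1700000003, b"GET /login HTTP/1.0\r\n\r\n"),
]

# A text pattern on the payload and a binary pattern on DNS header/question bytes.
HTTP_GET = r"GET /[^ ]+ HTTP/1\.[01]"
DNS_A_QUERY = r"\x00\x01\x00\x00\x00\x00\x00\x00.*\x00\x01\x00\x01$"

if __name__ == "__main__":
    # Two HTTP GET records, one record per output file
    for title, part in chunk_output(query(HTTP_GET, PACKETS), records_per_file=1):
        print(title, [ts for ts, _ in part])
```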

You can use the CLI to query the PCAP data using the query filter option.