Search boundaries

[jadominguez]

Is there a way to limit the search or dump to a specific date/time range. This can be useful when working on specific incidents where we understand the timeline of the event. I did not see anything specific in the examples that would allow me to do that.

I tried to follow the source code by I am not a Go programmer.

Thank you,

José.

[JustinAzoff]

yeah.. I think that should be doable. The databases index ip address to filename, and the filename_to_time_regex option lets it turn a filename back into a time. I think I could add 'earliest' and 'latest' options to the search and dump endpoints.. would that work?

[jadominguez]

Hello Justin. I think that should do the trick. Could I use both options at the same time? If so, that effectively accomplishes what I was thinking. If only one of the options is used, then we could assume that it should start at the beginning or end of the database set. Thank you.