Index the contents of executions (sessions) made by users in which you could use a powerful query syntax to search.
the id of the session
the id of the user
the connection name of this session
the connection type of this session
the type of the execution (exec,connect)
the size in bytes indexed
the input sent by the user
output returned from the remote service
if the execution returned an error
when the execution started
when the execution ended
the duration of the session in seconds
The scope of the search is bound for non-admin users. Only admin users can search for sessions that belongs to other users using the qualifier
outputare indexed truncated when it reaches 600KB. You are able to filter sessions truncated using
Content is indexed if the plugin is enabled, configured for a particular connection and after the session is closed. Additionally, a job is started daily at 23:30 UTC to index all sessions that are enabled for connections. It index the last 45 days by default.
You can try the search api with the hoop command line, consult the search syntax page to see how to interact with the API.
hoop search <QUERY>
Search for content in sessions Usage: hoop search QUERY [flags] Flags: --facets strings The facets to display, [connection,connection_type,user,error,verb,duration] --fields strings The fields to display -f, --file string The path of the file containing the bleve index -h, --help help for search -l, --limit int The max results to return (default 50) -m, --mark Highlight results -o, --offset int The offset to paginate results