with whitespace between each pair. If a has whitespace

send /logs help msg=pull

   pull: Downloads N log entries
    security.roles: logs.manage
    parameters:
    id1 - 
   
     The first log id number to retrieve, this is mutually exclusive with id2
    
 id2 - 
    
      The last log id number that will be sent, defaults to most recent log message when id1 or id2 is not sent
     
 count - 
     
       The number of logs to pull
      
 timeFormat - 
      
        The time format used in each log message, default is posix time (seconds since 1970)
      
     
    
   

The built-in message help says that this command grabs the last N log entries if you omit ID1 and ID2. To look at the last 10 log entries:

send /logs pull count=10 timeFormat=simple

Almost all of the commands on the service follow this simple format. The only commands that do not are the ones that require more complicated handshaking, like importing a PCAP to a Decoder. To import a PCAP, use the NwConsole import command, which takes care of the complicated communication channel handshaking.

Some parameters are specific to NwConsole's send command and are not actually sent to the service. You can use these parameters to change the output format of the response, write the response to a file, or read a file from the local machine and send it to the service. The local parameters to NwConsole's send command all start with two dashes --.

• --output-format — This parameter changes the normal output of the command from plain text to one of these types: JSON, XML, or HTML. The format values is a text output that only writes values (query output, stat/config values, and so on) without any other decorations.
• --output-pathname — Instead of writing the output to the terminal, the output is written to the specified pathname (truncates any existing file).
• --output-append-pathname — This is the same as --output-pathname except that it appends the output to an existing file (or creates the file if it does not exist).
• --file-data — Reads in a file and uses it as the command payload. This is useful for commands like /sys fileEdit. The following example shows how you can send an updated index-concentrator-custom.xml file using NwConsole:

send /sys fileEdit op=put filename=index-concentrator-custom.xml --file-data="/Users/user/Documents/index-concentrator-custom.xml"

• --file-format — When reading an input file with --file-data, this parameter forces NwConsole to interpret the file as a specific type of input. The allowed enumerations are: binary, params, params-list, string and params-binary. As an example, to send a file of application rules (*.nwr) to a Decoder, you can use this command:

send /decoder/config/rules/application replace --file-data=/path/rules.nwr --file-format=params-list

• --string-data — Sends the command payload as a string instead of a list of parameters.
• --binary-data — Sends the command payload as binary instead of a list of parameters.

Example Streaming Query to JSON file (could be a large result set):

send /sdk query size=0 query="select * where service=80 && time='2018-03-05 13:00:00'-'2018-03-05 13:59:59'" --output-format=json --output-pathname=/tmp/query.json

One thing to note about the send command is the fact that, by default, there is a timeout of 30 seconds waiting for a response. Some commands (like the query above) may take longer to receive results. To avoid a premature client-side timeout, you can use the timeout [secs] command to increase the wait. For instance, timeout 600 would wait 10 minutes for a response before timing out. Once enacted, it takes effect for all subsequent commands.

To navigate around the virtual node hierarchy of the service, you can use the cd command like you would on any command shell. This covers the basics of connecting and interacting with a service. Once you are connected, the help command lists all the commands that you can use to interact with the endpoint. These commands do not display when you are not connected to an endpoint.