Using the CloudShark Improved Search API

CloudShark 2.0 added a lot of cool new features to CloudShark, but perhaps the most powerful (and most complex) was the addition of search capability to the CloudShark API. The search API function takes the already robust search features of CloudShark that were available through the user interface and brings them to anyone who wants to integrate CloudShark with their existing tools or work CloudShark seamlessly into their automation environment.

Use any of the search features of CloudShark

The CloudShark Search API uses the same powerful search capabilities available in the CloudShark user interface. You can search on file detail fields like filename, user/group, and tags or search on packet details like encapsulation, number of packets, and packet rate.

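The API uses the HTTP GET method. Here’s an example of the search API call searching on the tag “boston” using curl (the -g option stops curl from treating the square brackets in the query string as a URL glob pattern):

curl -g -XGET "http://cloudshark/api/v1//search?search[tags][]=Boston"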

Sort and organize results

Since there are potentially millions of captures on your CloudShark appliance, the search API needed a way to make sure you get the results you want in the order you want them.

To solve this, the search API returns results in pages. You can specify the number of results that appear per page, and you can sort the files by many of the fields you can search on, like file name, upload date, start and end time, or packet size.

You can try the search API by creating an API token in your CloudShark Appliance. You can read the full notes on our search function here! Happy packet searching!
