Autopsy Keyword Search Module

From SleuthKitWiki
Revision as of 09:43, 24 February 2014 by Carrier (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Autopsy uses Lucene SOLR for indexed keyword searching.


This section contains some tips for debugging SOLR issues.

  • Connect to the admin console using
* http://localhost:23232/solr/admin
  • You can see query results with a string like this (replace foo with the search term):
* http://localhost:23232/solr/coreCase/select?q=foo
  • You can get a debug query with this:
* http://localhost:23232/solr/coreCase/select?q=foo&wt=xml&debugQuery=true
  • You can do a regexp test query with this (replace foo with regexp):
* http://localhost:23232/solr/coreCase/terms?terms.regex=foo&terms=true&terms.limit=20000&terms.regex.flag=case_insensitive&terms.fl=content_ws&timeAllowed=90000&debugQuery=false