Select your own table fields for queries and export

We’ve borrowed yet another keyword from SPL: table.

Table is a search modifier that allows you to select which fields you want to have shown in the GUI or exported in an Excel file. By default you get the fields that we think are most useful. Since “useful” depends a lot on what you are looking for you should be able to determine this yourself. Now you can. Here are a few examples:

If you want all titles on both the http and https version of your websites, try this:

   index=websites | table url https_title http_title

If you want all raw headers for your website, this query will do it:

   index=websites | table url https_headers

For a list of all nameservers specified at your domain registrar, try:

   index=whois | table domain nameservers

Proxy support for Python API module

The newversion of the Python module is now proxy aware. If you run it from an internal network and need to set a proxy, do it like this:

st = ShadowTrackr(api_key=API_KEY)
st.set_proxy(“10.0.0.1:8080”)

You can find the code on Github or just update it with:

pip install shadowtrackr —upgrade 

Group by field in search results

Again more search options this week. The first and most important one is that you can now group by any field in the data model with the keyword by.

For example if you want to get a list of all the registrars you used to buy your domain names, you do:

  index=whois by registrar

Or if you want to have a list of ISPs you use:

  index=hosts by isp

The results will automatically have a field called count that shows the number of search results grouped in the by field. This is quite useful input for pie charts too.

Other new additions are the earliest and latest keywords. They allow you to specify date ranges the easy way. For example if you want all certificate issuers used in the last month:

  index=certificates by issuer latest=-1m

More details on the Search and Queries page.