Find sessions command line usage examples

You can view usage information for the command line interface using the /help option. That information is included here as well.

Usage: 
FindSessions.exe [Connection] [Query] [Action] [Parameter] 

Connection:
/i=<installation name> or /installation=<installation name>
Make a connection to the specified DirectAudit Installation.

Query:
Query can be defined by AQL or individual search criteria
/a=<aql statement> or /aql=<aql statement>
Use the specified AQL as a search criteria to find the audited sessions from DirectAudit databases.  
This option should not be used together with /user, /machine or /activetime.
/u=<user name> or /user=<user name>
Find all audited sessions for a particular user from DirectAudit databases.  
This option can be used together with /machine and /activetime, which means the returned sessions need to fulfill all specified criteria.  
This option should not be used with /aql option.			
/m=<machine name> or /machine=<machine name>
Find all audited sessions for a particular machine from DirectAudit databases.  
This option can be used together with /user and /activetime, which means the returned sessions need to fulfill all specified criteria.  This option should not be used with /aql option/t=<time> or /activetime=<time>.
/t=<time> or /activetime=<time>
Find all active audited sessions at a particular time from DirectAudit databases.  This option can be used together with /user and /machine, which means the returned sessions need
to fulfill all specified criteria.  This option should not be used with the /aql option.
/r="role1;role2" or /role="role1;role2"
Find all sessions with role role1 OR role2. Must be used with /export="UnixCommand|UnixInput|UnixInputOutput". If /role and /ticket are used together, sessions meeting role AND ticket criteria are searched.
/k="ticket1;ticket2" or /ticket="ticket1"
Find all sessions with trouble ticket ticket1 OR ticket2. Must be used with /export="UnixCommand|UnixInput|UnixInputOutput". If /role and /ticket are used together, sessions meeting role AND ticket criteria are searched.
Action:
/delete
Delete the sessions by the query.
/export=[SessionList|WashEvents|UnixCommand|UnixInput|UnixInputOutput]
Export the sessions by the query. This option should used with /path option.
Parameter:
/path
Folder to save the export files. This option should used with /export option
/format=[html|htm|csv|pdf|xml]
Export the session list. this option should used with /export=SessionInfo /path=<folder path>
/suppresswarning
Suppress warning messages.
/onerror=[continue]
Continue processing session list if one or more databases are unreachable.

Examples:

FindSessions /installation="installation sample" /aql="1 time is in this week"
FindSessions /installation="installation sample" /aql="1 inputcommand = \"dzdo*\"\"" /delete
FindSessions /installation="installation sample" /aql="1 text = \"dzdo\"\"" /suppresswarning 
/export="UnixInput" /path="folder path"
FindSessions /installation="installation sample" /user="user sample" /machine="machine sample" 
/activetime="2011-12-24 15:30:45"
FindSessions /installation="installation sample" /aql="1 module = \"Windows PowerShell\"\"" 
/export="SessionList" /format="html" /path="folder path"
FindSessions /installation="installation sample" /aql="1 time is in this month" 
/export="UnixInputOutput" /path="folder path" /role="role1;role2" /ticket="ticket1;ticket2"

Note:   If the last field that you're search for includes double quotes, you need to escape the quotes. For example, findsessions -i=”MyInstallation” /aql=”1 time is in this week” doesn't have this issue but FindSessions /i="MyInstallation" /a="1 sessionid =  \"a4006f20‑6465-4db1-a2e7-a4e1f646c835\"\" does.