What is indexed on the PCAP appliance? Does the entire packet or specific parts of the packet get indexed? The documentation is vague.
QRadar Packet Capture can produce an index automatically during packet
capture. The index can be queried with BPF-like syntax to quickly retrieve
interesting packets in a specified time interval.