Git Product home page Git Product logo

Comments (5)

jkppr avatar jkppr commented on June 5, 2024

Hi @Kamforka , thanks for bringing this to our attention. In general, the number of events (counter) next to the timeline displays how many events are found for your current search. Given you are using a deployment from 2021, this is probably still with the old UI and the behaviour of the counter could have been different back then.

Let's check the low hanging fruits first:

  • Does the sketch return any events if you click any of the data_types in the left panel or if you search for * (star)?
  • If you do an upgrade for the instance, have you run the database migration?
  • Are there any errors in the webserver logs (timesketch/logs/wsgi_error.log on a prod deployment)?

from timesketch.

Kamforka avatar Kamforka commented on June 5, 2024

Hi @jkppr and thanks for the quick reply!

No database migration yet as this is a brand new instance without any legacy data.

Oh well, searching for * did the trick:

image

I have a couple of weird observations though, first being the datetime values, look like broken. Then I cannot click on any data_types in the left panel as it's showing 0 for some reason. Is that a possible misconfiguration or normal?

from timesketch.

jkppr avatar jkppr commented on June 5, 2024

You mentioned above that you are uploading CSV files. Does your CSV entries have a field called data_type to begin with? Is this information also missing, when you upload a Plaso file?

from timesketch.

Kamforka avatar Kamforka commented on June 5, 2024

Hi @jkppr yeah indeed we don't have the data_type field in our input. Is that also the reason for the cryptic datetime display?

I've successfully migrated our deployment to the latest timesketch version with the opensearch backend, and I've imported a timeline today but I still don't know what's causing this datetime bug:

image

As you can see the row's datetime column displays the weird value of +056316-01-27T04:00:00.000Z while the actual timeline entry has a proper datetime value of 2024-05-06T11:51:36+00:00, also the timestamp value of 1714996296 is looking okay to me.

Any guesses what can cause this bug?

from timesketch.

Kamforka avatar Kamforka commented on June 5, 2024

I did some research and looks like the past version of timesketch accepted timestamps up to the second precision but now only microsecond precision works.

Is this something that can be configured or should I change our timeline generator tool to produce microsecond precision timestamps?

from timesketch.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.