timesketch icon indicating copy to clipboard operation
timesketch copied to clipboard

Published 20 hours ago verified publisher icon google

Show amount of events in a saved search on the overview page

Open itsmvd opened this issue 3 years ago • 6 comments

It would be great to see in the amount of events that are in a saved view (on the overview page). At this moment you have to click on each individual saved search to see how many events the saved search surfaces, which isn't very user friendly if you're collaborating on a sketch.

itsmvd avatar Aug 23 '21 02:08 itsmvd

This is a great idea and should be pretty simple to implement (just run the query with count and no result). We might want to consider caching the result on the client side though.

berggren avatar Sep 12 '21 22:09 berggren

@itsmvd is this something that you would like to take on? :)

berggren avatar Sep 12 '21 22:09 berggren

Yep will do

itsmvd avatar Sep 12 '21 22:09 itsmvd

Would it be "better" to display the number of results in the explore view like we do with data_type and stared events?

jaegeral avatar Aug 22 '22 20:08 jaegeral

Sorry, I did not get time to work on this issue so I've unassigned myself. Having it in on the explore page defeats the purpose of this FR, after all when you're on the explore page you can already see the amount of events in that view.

This is about having a sketch with numerous saved views (which could be created by analyzers, tools, manually etc.) and knowing which ones have events in them and how many, so you can assess which might be useful to click into.

itsmvd avatar Aug 22 '22 23:08 itsmvd

We do not have an overview page anymore, so I move this idea to the future for now.

jaegeral avatar Mar 28 '23 14:03 jaegeral