
Stats on Overview page not being populated

Open mark-hallman opened this issue 3 years ago • 1 comments

Describe the bug: The stats on the Overview page are not being completely populated. Example: the number of events in the Sketch is listed as zero, but there are many events and timelines in the Sketch.

To Reproduce: The data was loaded with the following commands.

log2timeline.py --parsers 'mactime' --hashers md5 --status_view window --storage_file /cases/528/plaso/sam-adragoon-l.plaso /cases/528/mft/sam-adragoon-l.body

log2timeline.py --parsers '!mft,!usnjrnl,!filestat' --hashers md5 --status_view window --storage_file /cases/528/plaso/sam-adragoon-l.plaso cases/528/collect/sam-adragoon-l/C

# for my load verification - not part of the actual load to Timesketch.
psort.py --output-time-zone 'UTC' -o l2tcsv -w /cases/528/psort/sam-adragoon-l.csv  /cases/528/plaso/sam-adragoon-l.plaso

# for my load verification - not part of the actual load to Timesketch.
pinfo.py -w /cases/528/pinfo/sam-adragoon-l.pinfo /cases/528/plaso/sam-adragoon-l.plaso

timesketch_importer -u sansforensics -p forensics --host http://127.0.0.1 --index_name sam-sam-adragoon-l  --sketch_id 1 --timeline_name sam-sam-adragoon-l  /cases/528/plaso/sam-adragoon-l.plaso

Expected behavior: I would expect that the stats are updated with the total number of events loaded. The sum of the events for each timeline in the sketch.

Screenshots


Desktop (please complete the following information):

  • Ubuntu 20.04
  • I'm running Timesketch as a Docker container.
  • Plaso (version 20211024) is installed locally.
  • timesketch_importer --version
    • API Client Version: 20210602
    • Importer Client Version: 20210602
  • I don't know how to get the Timesketch version. Docker is using the :latest tag and I could not trace that back.

Additional context: The Timesketch UI looks different than the last version. I have noted some of those items in the screenshots provided.

mark-hallman, Nov 19 '21 16:11

Thx for reporting that, yes afair this was set to zero on purpose as we had seen performance issues.

It is also related to: https://github.com/google/timesketch/issues/1927

jaegeral, Nov 19 '21 16:11

Because we are moving to a new frontend, I am going to close this issue.

jaegeral, Dec 02 '22 21:12