Mike Pilkington

Based on the AWS article you linked to, it looks like they are now producing clients that are intended to be backward and forward compatible. Would using their golang client...

Yes, you can use what you need. I don't think you'll find anything for the CCM artifact though (we didn't have SCCM running).

I'm facing the exact same error using jsonl via timesketch_importer. And as @splunk-user1 reported, I also get `Internal Server Error` when using the web UI to upload. However, he reported...

> Interesting, I didn't know ES didn't like uppercase in index name. Quick question @mpilking why do you need to specify the index name here? If you leave it out...

This feature would be very useful for large plaso databases. In particular, it would be super useful if we could upload a subset of events to Timesketch based on a...

Ok, I will write up a thorough feature request for Timesketch.

Bumping this so it doesn't close automatically. This is an issue that should be addressed.

This workaround worked for me. Should we put a note on the main README page? 

Thanks for testing more and posting your results @RobinUndermost. We'll try to get it sorted, but at least we have a reasonably easy workaround for now.

I just created an AWS SIFT instance again for the first time in a while. I used the User Data fix above and it worked fine. Maybe there are edge...