Our infrastructure uses plaso (psort.py) to load data into OpenSearch. At the moment, we've been using the generate_timeline_from_es_index function to load the data into timesketch. We'd rather use the opensearch_ts module so we don't need another pass over the data. However, for this, we need to have a timeline id to pass along. In general, it would be nice to create searchindexes and timelines via the api client.
Having looked through the code, my suggestion would be to split out the code that creates the timeline and searchindex in the generate_timeline_from_es_index function so these functions can also be called directly. That way, a timeline can be created via the api and passed along to psort.py to send data directly to the right timeline.
I've created a PR that fits my suggestion, but it's the first time working on this codebase so I am happy to amend anything, or throw it all away if a different approach is better! Happy to contribute either way.
Tijnoz changed the title from "Timeline create command" to "Timeline creation in the api client" on Sep 30, 2023