Duplicate Event Tags in pinfo #1067
Comments
joachimmetz
added
the
blocked
|
How tags are currently stored are far from optimal. We are planning to overhaul this as part of #568 |
|
10-4, thanks for the update |
|
Closing issue, it refers to the old ZIP based storage file. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Plaso version:
Ubuntu Development Release 1.5.2_20161224
Operating system Plaso is running on:
Windows XP
Installation method:
Built using git clone https://github.com/log2timeline/plaso.git
Description of problem:
I ran two (slightly different) tagging analyses over the same storage file and found the number of event tags doubled when an entry was tagged twice with the same tag.
The output using psort de-duplicates fine and doesn't appear to cause any issues. The only thing that seems to be affected is the pinfo report "Event tags generated per label", which reports double the amount of tags that actually exist.
Not sure if this qualifies as an issue or something I should just not do again.
The text was updated successfully, but these errors were encountered: