How to use the timesketch.models.sketch.SearchIndex.query.filter_by function in timesketch
To help you get started, we’ve selected a few timesketch examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
log2timeline / plaso / plaso / output / timesketch_out.py View on Github 
def Close(self):
"""Closes the connection to TimeSketch Elasticsearch database.
Sends the remaining events for indexing and removes the processing status on
the Timesketch search index object.
"""
super(TimesketchOutputModule, self).Close()
with self._timesketch.app_context():
search_index = timesketch_sketch.SearchIndex.query.filter_by(
index_name=self._index_name).first()
search_index.status.remove(search_index.status[0])
timesketch_db_session.add(search_index)
timesketch_db_session.commit()def _set_timeline_status(index_name, status, error_msg=None):
"""Helper function to set status for searchindex and all related timelines.
Args:
index_name: Name of the datastore index.
status: Status to set.
error_msg: Error message.
"""
searchindex = SearchIndex.query.filter_by(index_name=index_name).first()
timelines = Timeline.query.filter_by(searchindex=searchindex).all()
# Set status
searchindex.set_status(status)
for timeline in timelines:
timeline.set_status(status)
db_session.add(timeline)
# Update description if there was a failure in ingestion
if error_msg and status == 'fail':
# TODO: Don't overload the description field.
searchindex.description = error_msg
# Commit changes to database
db_session.add(searchindex)
db_session.commit()def run(self, name, index, username):
"""Create the SearchIndex."""
es = ElasticsearchDataStore(
host=current_app.config['ELASTIC_HOST'],
port=current_app.config['ELASTIC_PORT'])
user = User.query.filter_by(username=username).first()
if not user:
sys.stderr.write('User does not exist\n')
sys.exit(1)
if not es.client.indices.exists(index=index):
sys.stderr.write('Index does not exist in the datastore\n')
sys.exit(1)
if SearchIndex.query.filter_by(name=name, index_name=index).first():
sys.stderr.write(
'Index with this name already exist in Timesketch\n')
sys.exit(1)
searchindex = SearchIndex(
name=name, description=name, user=user, index_name=index)
searchindex.grant_permission('read')
db_session.add(searchindex)
db_session.commit()
sys.stdout.write('Search index {0:s} created\n'.format(name))def run(self, name, index, username):
"""Create the SearchIndex."""
es = ElasticSearchDataStore(
host=current_app.config['ELASTIC_HOST'],
port=current_app.config['ELASTIC_PORT'])
user = User.query.filter_by(username=username).first()
if not user:
sys.stderr.write('User does not exist\n')
sys.exit(1)
if not es.client.indices.exists(index=index):
sys.stderr.write('Index does not exist in the datastore\n')
sys.exit(1)
if SearchIndex.query.filter_by(name=name, index_name=index).first():
sys.stderr.write(
'Index with this name already exist in Timesketch\n')
sys.exit(1)
searchindex = SearchIndex(
name=name, description=name, user=user, index_name=index)
searchindex.grant_permission(None, 'read')
db_session.add(searchindex)
db_session.commit()
sys.stdout.write('Search index {0:s} created\n'.format(name))def get(self, sketch_id):
"""Handles GET request to the resource.
Handler for /api/v1/sketches/:sketch_id/event/
Args:
sketch_id: Integer primary key for a sketch database model
Returns:
JSON of the datastore event
"""
args = self.parser.parse_args()
sketch = Sketch.query.get_with_acl(sketch_id)
searchindex_id = args.get('searchindex_id')
searchindex = SearchIndex.query.filter_by(
index_name=searchindex_id).first()
event_id = args.get('event_id')
indices = [t.searchindex.index_name for t in sketch.timelines]
# Check if the requested searchindex is part of the sketch
if searchindex_id not in indices:
abort(
HTTP_STATUS_CODE_BAD_REQUEST,
'Search index ID ({0!s}) does not belong to the list '
'of indices'.format(searchindex_id))
result = self.datastore.get_event(searchindex_id, event_id)
event = Event.query.filter_by(
sketch=sketch, searchindex=searchindex,
document_id=event_id).first()# We do not need a human readable filename or
# datastore index name, so we use UUIDs here.
filename = uuid.uuid4().hex
if not isinstance(filename, six.text_type):
filename = codecs.decode(filename, 'utf-8')
index_name = form.index_name.data or uuid.uuid4().hex
if not isinstance(index_name, six.text_type):
index_name = codecs.decode(index_name, 'utf-8')
file_path = os.path.join(upload_folder, filename)
file_storage.save(file_path)
# Check if search index already exists.
searchindex = SearchIndex.query.filter_by(
name=timeline_name,
description=timeline_name,
user=current_user,
index_name=index_name).first()
timeline = None
if searchindex:
searchindex.set_status('processing')
else:
# Create the search index in the Timesketch database
searchindex = SearchIndex.get_or_create(
name=timeline_name,
description=timeline_name,
user=current_user,
index_name=index_name)
Popular timesketch functions
- timesketch.api.v1.resources.ResourceMixin
- timesketch.apps.sketch.models.Sketch
- timesketch.apps.sketch.models.Sketch.objects.create
- timesketch.apps.sketch.models.Sketch.objects.get
- timesketch.lib.analyzers.interface
- timesketch.lib.analyzers.interface.BaseSketchAnalyzer
- timesketch.lib.analyzers.manager
- timesketch.lib.analyzers.manager.AnalysisManager
- timesketch.lib.analyzers.manager.AnalysisManager.register_analyzer
- timesketch.lib.emojis.get_emoji
- timesketch.lib.forms.BaseForm
- timesketch.models.db_session
- timesketch.models.db_session.add
- timesketch.models.db_session.commit
- timesketch.models.sketch.SearchIndex
- timesketch.models.sketch.SearchIndex.query.filter_by
- timesketch.models.sketch.Sketch
- timesketch.models.sketch.Sketch.query.get_with_acl
- timesketch.models.sketch.View
- timesketch.models.user.User