How to use the timesketch.models.sketch.View function in timesketch

To help you get started, we’ve selected a few timesketch examples, based on popular ways it is used in public projects.


github google / timesketch / timesketch / lib / testlib.py View on Github external
def _create_view(self, name, sketch, user):
        """Persist a test view and hand it back.

        The view's query string is set to its own name and its filter is an
        empty JSON object.

        Args:
            name: Name of the view (string)
            sketch: A sketch (instance of timesketch.models.sketch.Sketch)
            user: A user (instance of timesketch.models.user.User)

        Returns:
            A view (instance of timesketch.models.sketch.View)
        """
        # Filters are stored as JSON text, so the empty filter is serialized.
        empty_filter = json.dumps({})
        new_view = View(
            name=name,
            query_string=name,
            query_filter=empty_filter,
            user=user,
            sketch=sketch)
        self._commit_to_database(new_view)
        return new_view
github google / timesketch / timesketch / api / v1 / resources.py View on Github external
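# Remove all other labels: only labels attached to the current sketch are
        # copied into the response, and the raw label list is dropped.
        for event in result['hits']['hits']:
            event['selected'] = False
            event['_source']['label'] = []
            # Detach the raw label list before filtering it. Doing the removal
            # first means labels from other sketches are never returned, even
            # when one of the entries below is malformed.
            raw_labels = event['_source'].pop('timesketch_label', None) or []
            for label in raw_labels:
                try:
                    if sketch.id != label['sketch_id']:
                        continue
                    event['_source']['label'].append(label['name'])
                except KeyError:
                    # Entry without 'sketch_id' or 'name': skip it and keep
                    # processing the remaining labels.
                    continue

        # Update or create user state view. This is used in the UI to let
        # the user get back to the last state in the explore view.
        view = View.get_or_create(
            user=current_user, sketch=sketch, name='')
        view.query_string = form.query.data
        # The filter and DSL are persisted as JSON text.
        view.query_filter = json.dumps(query_filter, ensure_ascii=False)
        view.query_dsl = json.dumps(query_dsl, ensure_ascii=False)
        db_session.add(view)
        db_session.commit()

        # Add metadata for the query result. This is used by the UI to
        # render the event correctly and to display timing and hit count
        # information.
        tl_colors = {}
        tl_names = {}
        # Both maps are keyed by the index name of each timeline's searchindex.
        for timeline in sketch.timelines:
            tl_colors[timeline.searchindex.index_name] = timeline.color
            tl_names[timeline.searchindex.index_name] = timeline.name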
github google / timesketch / timesketch / api / v1 / resources.py View on Github external
# Any explicit index selection is replaced by '_all' before the filter is
# stored on the search template.
# NOTE(review): presumably because a template is not tied to one sketch's
# indices -- confirm.
if query_filter_dict.get('indices', None):
                query_filter_dict['indices'] = '_all'

            # query_filter is rebound here, so the View created further down
            # is stored with the same rewritten filter whenever this branch
            # runs.
            # NOTE(review): confirm that '_all' is narrowed to the sketch's
            # own indices when the saved filter is later used for a search.
            query_filter = json.dumps(query_filter_dict, ensure_ascii=False)

            # Persist the template first so the view can reference it.
            searchtemplate = SearchTemplate(
                name=view_name,
                user=current_user,
                query_string=query_string,
                query_filter=query_filter,
                query_dsl=query_dsl)
            db_session.add(searchtemplate)
            db_session.commit()

        # Create the view in the database
        view = View(
            name=view_name,
            sketch=sketch,
            user=current_user,
            query_string=query_string,
            query_filter=query_filter,
            query_dsl=query_dsl,
            searchtemplate=searchtemplate)
        db_session.add(view)
        db_session.commit()

        return view
github google / timesketch / timesketch / lib / analyzers / interface.py View on Github external
query_dsl: Dictionary with Elasticsearch DSL query.
            query_filter: Dictionary with Elasticsearch filters.

        Raises:
            ValueError: If both query_string and query_dsl are missing.

        Returns: An instance of a SQLAlchemy View object.
        """
        # At least one way of expressing the query is required.
        if not (query_string or query_dsl):
            raise ValueError('Both query_string and query_dsl are missing.')

        # With no filter supplied, fall back to one that names every index.
        if not query_filter:
            query_filter = {'indices': '_all'}

        # The stored name is prefixed with the analyzer name in brackets.
        name = '[{0:s}] {1:s}'.format(analyzer_name, view_name)
        # Analyzer views are looked up (or created) without an owning user.
        view = View.get_or_create(name=name, sketch=self.sql_sketch, user=None)
        view.query_string = query_string
        # NOTE(review): validate_filter is defined outside this excerpt;
        # presumably it normalizes the dict into the stored form -- confirm.
        view.query_filter = view.validate_filter(query_filter)
        view.query_dsl = query_dsl
        view.searchtemplate = None

        db_session.add(view)
        db_session.commit()
        return view
github google / timesketch / timesketch / api / v1 / resources.py View on Github external
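"""Handles POST request to the resource.

        Updates an existing view with the submitted query, filter and DSL.
        The request is rejected when the form does not validate, or when the
        view does not exist or is not attached to the requested sketch.

        Args:
            sketch_id: Integer primary key for a sketch database model
            view_id: Integer primary key for a view database model

        Returns:
            A view in JSON (instance of flask.wrappers.Response)
        """
        form = SaveViewForm.build(request)
        if not form.validate_on_submit():
            abort(
                HTTP_STATUS_CODE_BAD_REQUEST,
                'Unable to update view, not able to validate form data')
        # NOTE(review): confirm which permission get_with_acl enforces; an
        # update arguably needs write access to the sketch, not just read.
        sketch = Sketch.query.get_with_acl(sketch_id)
        view = View.query.get(view_id)

        # The ACL lookup above covers the sketch only, while the view is
        # fetched by its bare primary key. Without this check a caller with
        # access to one sketch could overwrite a view of another sketch and
        # re-attach it to their own, since sketch and user are reassigned
        # below. An unknown view_id is rejected here as well.
        if view is None or view.sketch_id != sketch.id:
            abort(
                HTTP_STATUS_CODE_BAD_REQUEST,
                'Unable to update view, view is not attached to this sketch')

        view.query_string = form.query.data
        view.query_filter = json.dumps(form.filter.data, ensure_ascii=False)
        view.query_dsl = json.dumps(form.dsl.data, ensure_ascii=False)
        view.user = current_user
        view.sketch = sketch

        # A DSL document takes precedence: the query string is blanked.
        if form.dsl.data:
            view.query_string = ''

        db_session.add(view)
        db_session.commit()
        return self.to_json(view, status_code=HTTP_STATUS_CODE_CREATED)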
github google / timesketch / timesketch / models / sketch.py View on Github external
searchtemplate=None,
                 query_string=None,
                 query_filter=None,
                 query_dsl=None):
        """Initialize the View object.

        Args:
            name: The name of the view
            sketch: A sketch (instance of timesketch.models.sketch.Sketch)
            user: A user (instance of timesketch.models.user.User)
            searchtemplate: Instance of timesketch.models.sketch.SearchTemplate
            query_string: The query string
            query_filter: The filter to apply (JSON format as string)
            query_dsl: A query DSL document (JSON format as string)
        """
        super(View, self).__init__()
        # Values are stored exactly as passed in; nothing is validated or
        # serialized here, so callers must supply the JSON strings themselves.
        self.name = name
        self.sketch = sketch
        self.user = user
        self.searchtemplate = searchtemplate
        self.query_string = query_string
        self.query_filter = query_filter
        self.query_dsl = query_dsl
github google / timesketch / timesketch / views / sketch.py View on Github external
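view_form = SaveViewForm()
    graphs_enabled = current_app.config['GRAPH_BACKEND_ENABLED']
    similarity_enabled = current_app.config.get('ENABLE_EXPERIMENTAL_UI')

    # Get parameters from the GET query. These come straight from the URL,
    # so they are caller-controlled strings (or None) at this point.
    url_query = request.args.get('q', '')
    url_time_start = request.args.get('time_start', None)
    url_time_end = request.args.get('time_end', None)
    url_index = request.args.get('index', None)
    url_size = request.args.get('size', None)

    if searchtemplate_id:
        # NOTE(review): no per-user or per-sketch check on the template is
        # visible here; confirm search templates are meant to be shared.
        searchtemplate = SearchTemplate.query.get(searchtemplate_id)
        # Unknown template id: answer 404 instead of failing on None below.
        if searchtemplate is None:
            abort(HTTP_STATUS_CODE_NOT_FOUND)
        view = sketch.get_user_view(current_user)
        if not view:
            view = View(user=current_user, name='', sketch=sketch)
        # Copy the template's query into the user's state view.
        view.query_string = searchtemplate.query_string
        view.query_filter = searchtemplate.query_filter
        view.query_dsl = searchtemplate.query_dsl
        save_view = True
    elif view_id:
        view = View.query.get(view_id)

        # Check that this view exists and belongs to the sketch. The view is
        # fetched by bare primary key, so an id from another sketch gets the
        # same 404 as an id that does not exist.
        if view is None or view.sketch_id != sketch.id:
            abort(HTTP_STATUS_CODE_NOT_FOUND)

        # Return 404 if view is deleted
        if view.get_status.status == 'deleted':
            return abort(HTTP_STATUS_CODE_NOT_FOUND)
    else:
        # No explicit template or view: fall back to the user's state view.
        view = sketch.get_user_view(current_user)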
def get_user_view(self, user):
        """Return the state view that a user has for this sketch.

        The state view is the one stored with an empty name; when several
        exist, the most recently created one is returned.

        Args:
            user: User (instance of timesketch.models.user.User)

        Returns:
            view: Instance of timesketch.models.sketch.View
        """
        state_views = View.query.filter(
            View.user == user,
            View.name == '',
            View.sketch_id == self.id)
        newest_first = state_views.order_by(View.created_at.desc())
        return newest_first.first()