Skip to content

Commit

Permalink
Merge branch 'master' into tsdfiq-analyzer
Browse files Browse the repository at this point in the history
  • Loading branch information
jkppr authored Sep 10, 2024
2 parents 4919ce8 + 9988b1c commit 684cd92
Show file tree
Hide file tree
Showing 2 changed files with 77 additions and 0 deletions.
65 changes: 65 additions & 0 deletions cli_client/python/timesketch_cli_client/commands/sketch.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,13 @@
# limitations under the License.
"""Commands for sketches."""

import time
import json
import click
import pandas as pd

from timesketch_cli_client.commands import attribute as attribute_command
from timesketch_api_client import search


@click.group("sketch")
Expand Down Expand Up @@ -93,3 +95,66 @@ def create_sketch(ctx, name, description):
description = name
sketch = api_client.create_sketch(name=name, description=description)
click.echo(f"Sketch created: {sketch.name}")


@sketch_group.command("export", help="Export a sketch")
@click.option("--filename", required=True, help="Filename to export to.")
@click.pass_context
def export_sketch(ctx, filename):
"""Export a sketch to a file.
Args:
filename: Filename to create
"""
sketch = ctx.obj.sketch
click.echo("Executing export . . . ")
click.echo("Depending on the sketch size, this can take a while")
# start counting the time the export took
start_time = time.time()
try:
search_obj = search.Search(sketch=sketch)

click.echo(f"Number of events in that sketch: {search_obj.expected_size}")

search_obj.to_file(filename)
# Using the sketch.export function could be an alternative here
# TODO: https://github.com/google/timesketch/issues/2344
end_time = time.time()
click.echo(f"Export took {end_time - start_time} seconds")
click.echo("Finish")
except ValueError as e:
click.echo(f"Error: {e}")
ctx.exit(1)


@sketch_group.command("archive", help="Archive a sketch")
@click.pass_context
def archive_sketch(ctx):
"""Archive a sketch."""
sketch = ctx.obj.sketch
# if sketch is already archived error
if sketch.is_archived():
click.echo("Error Sketch is already archived")
ctx.exit(1)

# check if user has permissions
if not sketch.can_archive():
click.echo("User can not archive this sketch")
ctx.exit(1)

sketch.archive()
click.echo("Sketch archived")


@sketch_group.command("unarchive", help="Unarchive a sketch")
@click.pass_context
def unarchive_sketch(ctx):
"""Unarchive a sketch."""
sketch = ctx.obj.sketch
# if sketch is not archived error
if not sketch.is_archived():
click.echo("Error Sketch is not archived")
ctx.exit(1)
if sketch.is_archived():
sketch.unarchive()
click.echo("Sketch unarchived")
12 changes: 12 additions & 0 deletions docs/guides/user/cli-client.md
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,18 @@ To remove an attribute from a sketch
timesketch sketch remove_attribute
```

### Archive Sketch

Running `sketch archive` will set the archive flag to the sketch.

### Unarchive a sketch

Running `sketch unarchive` will set the archive flag to the sketch.

### Export a sketch

Running `sketch export` will export the complete Sketch to a file.

## Intelligence

Intelligence is always sketch specific. The same can be achieved using
Expand Down

0 comments on commit 684cd92

Please sign in to comment.