{ "snippets": [ { "name": "Example initial import", "code" : [ "from timesketch_api_client import search", "from picatrix.lib import state as state_lib", "import altair as alt", "import numpy as np", "import pandas as pd", "state = state_lib.state()" ] }, { "name": "Select a sketch using magics", "code" : [ "%timesketch_set_active_sketch 1" ] }, { "name" : "Select a sketch using a button and a form", "code" : [ "# Execute cell in order to generate button.", "generate_connect_button()" ] }, { "name" : "Query a sketch using a button and a form", "code" : [ "# Execute cell in order to generate button.", "generate_query_button()" ] }, { "name": "Search with date range filter", "code" : [ "sketch = %timesketch_get_sketch", "search_obj = search.Search(sketch)", "date_chip = search.DateRangeChip()", "date_chip.start_time = '2020-12-24T18:00:00'", "date_chip.end_time = '2020-12-31T23:59:59'", "search_obj.add_chip(date_chip)", "search_obj.query_string = '*'", "df = search_obj.table" ] }, { "name": "Run an example aggregation.", "code" : [ "sketch = %timesketch_get_sketch", "params = {", " 'field': 'domain',", " 'limit': 10,", " 'supported_charts': 'hbarchart',", " 'chart_title': 'Top 10 Domains'", "}", " ", "agg = sketch.run_aggregator(", " aggregator_name='field_bucket', aggregator_parameters=params)", " ", "# You can get the aggregation data as a chart or a dataframe", "agg.chart", " ", "# Enable this to get the results as a table", "# agg.table", " ", "# To save the aggregation you need to create a name and a title.", "# agg.name = 'Top 10 Domains'", "# agg.title = 'Top 10 Domains'", "# agg.save()" ] }, { "name" : "Get Timesketch client object", "code" : [ "# Execute cell in order to get a Timesketch API client instance.", "client = state.get_from_cache('timesketch_client')" ] }, ] }