Graph functionality not working #2872
Unanswered
msktyshha
asked this question in
Q&A, quick solutions, support
Replies: 3 comments
-
|
Hi msktyshha, can you share a bit more information here?
|
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Hi Jkppr,
Thank you for the prompt reply, the requested information is as follow:
I am running Timesketch version: 20230721 in a Docker container along with
other containers that came with the image:
[image: image.png]
The problem occurs in both the old and new UI, in the new UI I get this
error " No data to generate graph " meanwhile in the old UI I get this
error "Empty graph Generated"
So far ever since I pulled the image I was not able to generate any graphs in the graph tab using the plugins
There are no error in the nginxx logs, however in the Timesketch/logs/wsgi_error.log, these are the errors I get whenever I try the graph feature:
[2023-08-24 18:05:45,386] timesketch.analyzers.hashlookup/ERROR Hashlookup conf not found [2023-08-24 18:05:45,404] timesketch.analyzers.misp/ERROR MISP conf not found [2023-08-24 18:06:27,244] timesketch.api_utils/ERROR Unable to read the config, file: [/etc/timesketch/context_links.yaml] does not exist [2023-08-24 18:06:27,359] timesketch.analyzers.hashlookup/ERROR Hashlookup conf not found [2023-08-24 18:06:27,362] timesketch.analyzers.misp/ERROR MISP conf not found
I upload the csv file to timeline, map and upload the csv file and explore
the data in timeline successfully, when I click on the Graph tab and choose
the WindowsServices plugin, I get the error shown.
Some sample events from the csv file are:
computer_name,username,service_name,image_path,service_type,start_type,event_identifier,Date and Time,message,Process ID
DESKTOP-1KUH9Q1,LocalSystem,TestService,C:\Windows\System32\notepad.exe,user mode service,demand start,7045,2023-08-23T17:43:20.3682644Z,"A service was installed in the system.
Service Name: TestService
Service File Name: C:\Windows\System32\notepad.exe
Service Type: user mode service
Service Start Type: demand start
Service Account: LocalSystem",960
DESKTOP-1KUH9Q1,,MpKsla1d8e2c6,C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E22A1B69-BA42-4FDF-ADAD-86585F39ADF0}\MpKslDrv.sys,kernel mode driver,demand start,7045,2023-08-23T16:45:32.2244195Z,"A service was installed in the system.
Service Name: MpKsla1d8e2c6
Service File Name: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E22A1B69-BA42-4FDF-ADAD-86585F39ADF0}\MpKslDrv.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account: ",960
DESKTOP-1KUH9Q1,LocalSystem,DummyService,C:\Windows\System32\svchost.exe -k netsvcs,user mode service,demand start,7045,2023-08-21T23:53:10.2309359Z,"A service was installed in the system.
Thank you
…On Thu, Aug 24, 2023 at 7:29 AM Janosch ***@***.***> wrote:
Hi msktyshha,
can you share a bit more information here?
- What version of Timesketch are you running?
- What UI are you using? (old or new?)
- Did you run any analyzers before?
- Any errors in the server side logs? (see
https://timesketch.org/guides/admin/troubleshooting/ )
- What are your steps to reproduce this error?
- Can you share a sample data file (plaso or csv) that triggers this
error?
—
Reply to this email directly, view it on GitHub
<#2872 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AN36ZW3ZCNYMTVZR2VXHB7LXW43H7ANCNFSM6AAAAAA34JRLKA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
0 replies
-
|
So finally figured it out that the graph functionality doesn't work with csv or json file formats, only works with Plaso files. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am trying to generate the Windows services graph but each time I try, I get an empty graph error. I have some logs from the web browser console:
TypeError: t.status is undefined
sketch Sketch.vue:35
VueJS 5
vue.runtime.esm.js:3049:16
TypeError: t.currentGraphCacheConfig.filter is undefined
Yi Graph.vue:4
VueJS 36
init vue-router.esm.js:3005
init vue-router.esm.js:3004
updateRoute vue-router.esm.js:2414
transitionTo vue-router.esm.js:2263
confirmTransition vue-router.esm.js:2402
i vue-router.esm.js:2084
i vue-router.esm.js:2091
Xt vue-router.esm.js:2095
confirmTransition vue-router.esm.js:2397
i vue-router.esm.js:2084
i vue-router.esm.js:2088
d vue-router.esm.js:2384
qt vue-router.esm.js:2162
d vue-router.esm.js:2362
i vue-router.esm.js:2087
i vue-router.esm.js:2091
i vue-router.esm.js:2091
i vue-router.esm.js:2091
i vue-router.esm.js:2091
Xt vue-router.esm.js:2095
confirmTransition vue-router.esm.js:2392
transitionTo vue-router.esm.js:2260
push vue-router.esm.js:2606
push vue-router.esm.js:3039
x vue-router.esm.js:1139
VueJS 3
vue.runtime.esm.js:3049:16
TypeError: t.currentGraphCacheConfig.filter is undefined
Yi Graph.vue:4
VueJS 14
created Graph.vue:685
promise callback*created Graph.vue:684
VueJS 29
vue.runtime.esm.js:3049:16
what might be the problem?
Beta Was this translation helpful? Give feedback.
All reactions