google / timesketch

Collaborative forensic timeline analysis
Apache License 2.0

Internal Server Error when Exporting #2344

Open Xboarder56 opened 1 year ago

Xboarder56 commented 1 year ago

Describe the bug

After uploading plaso dumps into timesketch and running 2 aggregators on them (browser and domain) I'm unable to export from the main investigation page.

To Reproduce

Steps to reproduce the behavior:

1. Import plaso dumps created from Kape data.
2. Add a story and fill in a saved search.
3. Run an aggregation.
4. Attempt to export from the main window.

Expected behavior

The data would be exported successfully.


Desktop (please complete the following information):

- OS: Ubuntu 20.04
- Browser: Chrome/Safari (tried both)
- Version: 105.0.5195.125 (Official Build) (x86_64)

Error when attempting an export.


Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1516, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1502, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
  File "/usr/local/lib/python3.8/dist-packages/flask_restful/__init__.py", line 467, in wrapper
    resp = resource(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/flask/views.py", line 84, in view
    return current_app.ensure_sync(self.dispatch_request)(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/flask_restful/__init__.py", line 582, in dispatch_request
    resp = meth(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/flask_login/utils.py", line 261, in decorated_view
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/timesketch/api/v1/resources/archive.py", line 156, in post
    return self._export_sketch(sketch)
  File "/usr/local/lib/python3.8/dist-packages/timesketch/api/v1/resources/archive.py", line 313, in _export_sketch
    export.export_aggregation(aggregation, sketch, zip_file)
  File "/usr/local/lib/python3.8/dist-packages/timesketch/api/v1/export.py", line 43, in export_aggregation
    result_obj, meta = utils.run_aggregator(
  File "/usr/local/lib/python3.8/dist-packages/timesketch/api/v1/utils.py", line 144, in run_aggregator
    result_obj = aggregator.run(**aggregator_parameters)
TypeError: run() got an unexpected keyword argument 'index'

jaegeral commented 1 year ago

This is a known issue; we are currently completely redoing the UI. In the meantime, I would recommend using the API to export the data needed.

jaegeral commented 2 weeks ago

Actually, that happens as well if you use the API:

[2024-08-30 12:44:29 +0000] [3549] [DEBUG] POST /api/v1/sketches/1/archive/
[2024-08-30 12:54:29 +0000] [1322] [CRITICAL] WORKER TIMEOUT (pid:3549)
[2024-08-30 12:54:29 +0000] [3549] [ERROR] Error handling request /api/v1/sketches/1/archive/
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/gunicorn/workers/sync.py", line 135, in handle
    self.handle_request(listener, req, client, addr)
  File "/usr/local/lib/python3.10/dist-packages/gunicorn/workers/sync.py", line 178, in handle_request
    respiter = self.wsgi(environ, resp.start_response)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1498, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1473, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 880, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 865, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)  # type: ignore[no-any-return]
  File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 489, in wrapper
    resp = resource(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 110, in view
    return current_app.ensure_sync(self.dispatch_request)(**kwargs)  # type: ignore[no-any-return]
  File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 604, in dispatch_request
    resp = meth(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/flask_login/utils.py", line 290, in decorated_view
    return current_app.ensure_sync(func)(*args, **kwargs)
  File "/usr/local/src/timesketch/timesketch/api/v1/resources/archive.py", line 156, in post
    return self._export_sketch(sketch)
  File "/usr/local/src/timesketch/timesketch/api/v1/resources/archive.py", line 316, in _export_sketch
    self._export_view(view, sketch, zip_file)
  File "/usr/local/src/timesketch/timesketch/api/v1/resources/archive.py", line 394, in _export_view
    data_frame = pd.concat([data_frame, add_frame], sort=False)
  File "/usr/local/lib/python3.10/dist-packages/pandas/util/_decorators.py", line 317, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/pandas/core/reshape/concat.py", line 382, in concat
    return op.get_result()
  File "/usr/local/lib/python3.10/dist-packages/pandas/core/reshape/concat.py", line 617, in get_result
    new_data = concatenate_managers(
  File "/usr/local/lib/python3.10/dist-packages/pandas/core/internals/concat.py", line 223, in concatenate_managers
    values = np.concatenate(vals, axis=1)
  File "<__array_function__ internals>", line 180, in concatenate
  File "/usr/local/lib/python3.10/dist-packages/gunicorn/workers/base.py", line 203, in handle_abort
    sys.exit(1)
SystemExit: 1

with

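import click
from timesketch_api_client import search

# `sketch` and `filename` are assumed to be defined earlier in the script.
search_obj = search.Search(sketch=sketch)
search_obj.to_file(filename)  # works
click.echo("Using sketch.export")
# Using the sketch.export function might also work
sketch.export("./test.zip")  # breaks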