tomchop
commented
1 year ago CC @berggren
There is also a race condition there somewhere; if a new sketch is created and timeline is added, this is not reflected fast enough in the API response.
Open jaegeral opened 1 year ago
tomchop
commented
1 year ago CC @berggren
There is also a race condition there somewhere; if a new sketch is created and timeline is added, this is not reflected fast enough in the API response.
jleaniz
commented
1 year ago For what it's worth, I also observed this behavior when working on the dftimewolf timesketch exporter module recently.
get_timelinewon't return new timelines that were added after the sketch data is first loaded.get_timelinecallslist_timelines, which callslazyload_data, which just returns data from cache. More improtantly, there is no way to force the refresh of data fromget_timeline.Actually, it might be worth considering whether the default behavior of the API client should be to lazyload data (I would argue not) https://github.com/google/timesketch/blob/master/api_client/python/timesketch_api_client/sketch.py#L934
https://github.com/google/timesketch/blob/master/api_client/python/timesketch_api_client/sketch.py#L797
This was found by @tomchop