Timesketch will generate a timeline and mark it as failed when importing a valid (but empty) plaso file. Empty in this context means a valid plaso file that contains no events (parses did not generate any event).
It would make sense to either not generate a timeline at all in this case, or make it more clear in the UI that it is an empty timeline and not a failure. There could also be cases where the plaso file is corrupt/invalid, but right now it looks like both cases are handled as failures.
Screenshots
If you have screenshots that clarifies your feedback, please add it here.
Describe the solution you'd like
Timesketch will generate a timeline and mark it as failed when importing a valid (but empty) plaso file. Empty in this context means a valid plaso file that contains no events (parses did not generate any event).
https://github.com/google/timesketch/blob/cfdc54ec828f85c5d212a8287cc4c3ac9ba67d71/timesketch/lib/tasks.py#L654 a RuntimeError is raised here when this happens, however, in the UI you can see the timeline being marked as failed.
It would make sense to either not generate a timeline at all in this case, or make it more clear in the UI that it is an empty timeline and not a failure. There could also be cases where the plaso file is corrupt/invalid, but right now it looks like both cases are handled as failures.
Screenshots If you have screenshots that clarifies your feedback, please add it here.