target / huntlib

A Python library to help with some common threat hunting data analysis operations
MIT License

More time modifiers: hours and minutes #21

Closed nbareil closed 3 years ago

nbareil commented 3 years ago

👋

Call me lazy but I kept wanting to have minutes and hours time modifiers arguments to SplunkDF.search() so here it is.

I also took the opportunity to create a new testing class dedicated to unit-testing with the use of dummy objects but I can remove it if you prefer!

What would you think of having a simple ./unit-tests.sh doing:

```sh
#! /bin/sh

cd tests && 
  python -munittest -v test_splunk_df.UnitTestSplunk
```
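The time-window handling this PR describes, as an added example that is neither huntlib's code nor the PR's diff: a helper that folds days, hours and minutes into a single Splunk relative-time modifier, plus a unittest class that exercises it through a dummy search object, in the spirit of the dummy-object test class mentioned above. `build_time_args`, `DummySplunkService` and `search_with_window` are hypothetical names.

```python
import unittest


def build_time_args(days=None, hours=None, minutes=None):
    """Fold day/hour/minute look-backs into one Splunk relative time modifier,
    using the largest unit that divides the total exactly (hours=48 -> '-2d',
    hours=1, minutes=30 -> '-90m'); {} means "keep the search head's defaults"."""
    total = 0
    for value, scale in ((days, 1440), (hours, 60), (minutes, 1)):
        if value is None:
            continue
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(f"time window must be a non-negative int, got {value!r}")
        total += value * scale
    if total == 0:
        return {}
    for scale, unit in ((1440, "d"), (60, "h"), (1, "m")):
        if total % scale == 0:
            return {"earliest_time": f"-{total // scale}{unit}", "latest_time": "now"}


class DummySplunkService:
    """Constructed stand-in for a Splunk SDK service: records export() kwargs."""
    def __init__(self):
        self.calls = []

    def export(self, spl, **kwargs):
        self.calls.append((spl, dict(kwargs)))
        return iter(())  # no events; only the forwarded kwargs matter here


def search_with_window(service, spl, days=None, hours=None, minutes=None):
    """Hypothetical wrapper shaped like SplunkDF.search(); returns the time args used."""
    args = build_time_args(days=days, hours=hours, minutes=minutes)
    list(service.export(spl, **args))
    return args


class UnitTestTimeModifiers(unittest.TestCase):
    def test_hours_and_minutes_forwarded(self):
        svc = DummySplunkService()
        search_with_window(svc, "search index=main", hours=1, minutes=30)
        self.assertEqual(svc.calls, [("search index=main",
                                      {"earliest_time": "-90m", "latest_time": "now"})])

    def test_no_window_keeps_defaults(self):
        self.assertEqual(build_time_args(), {})

if __name__ == "__main__":
    unittest.main()
```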
nbareil commented 3 years ago

Hello @DavidJBianco, do you want me to split the PR to separate the unit-test and the time modifiers parts?

DavidJBianco commented 3 years ago

> Hello @DavidJBianco, do you want me to split the PR to separate the unit-test and the time modifiers parts?

Thanks for the PR. I like the idea of extra time unit specifiers, but overall I'm trying to make the SplunkDF and ElasticDF classes more similar, not less. An upcoming version will address this, and once that's done I'll find a better time unit solution. So as much as I really do appreciate your contribution, it's better for now that I not accept it for release.