The new notebook shell in the dev docker config

[kiddinn]

When you start the dev docker using

$ cd docker/dev
$ sudo docker-compose up -d

You get a new notebook container, built on top of picatrix, but customized a bit for timesketch. You can access it using either http://localhost:8844 or http://localhost:8844/?token=timesketch

If you use the second URL you don't have to authenticate, otherwise you can type in timesketch as the password for the container.

This gives you a container that maps the /tmp/ folder of your machine (you can change that by editing the docker-compose.yml file).

After typing in the password you get prompted by a notebook like this:

The first step is to create a new notebook using the drop down menu and selecting a new python 3 book. Selecting that will create a new notebook that is empty, doesn't contain a single line of code in it. To help with populating the notebook with any data you can now use the snippets menu:

There you can select any of the example code and that injects some code into the notebook.

[kiddinn]

Let's take a look at an example, let's start by import and connect to a sketch.

This will connect the sketch, create a client and a sketch object, that are part of the API client. These objects can then be used to further interact with the sketch and the TS server. Depending on what you want to do.

Another example is to make a simple query, use the "Query a sketch using a button and a form" snippet and you will see:

There you can enter a search query, even put out a time filter on the query and hit the button.

What that does it to generate a search_obj that can be used to

1. Create a data frame using search_obj.table
2. Create a dict with the results using search_obj.dict
3. Save the search as a saved search, first you have to at least do search_obj.name = 'My name' and then search_obj.save() you can also optionally add a description using search_obj.description = 'some description'

[kiddinn]

an example search:

[lucky-luk3]

Hello @kiddinn, thanks for sharing this amazing job.
Could you share where are this snippets located?
I'm trying to copy they for using they in my lab.
I can't find they in notebook container.
Thanks in advance.

[kiddinn]

so within the container itself, they are located in /home/picatrix/.local/share/jupyter/nbextensions/snippets/snippets.json

you can edit them there, or you can edit them in https://github.com/google/timesketch/blob/master/docker/dev/build/snippets.json

[lucky-luk3]

Thanks @kiddinn for your answer!
I think I am not answering the query correctly. I am sorry.
I was trying to reproduce these menus on my own jupyter server, outside of the notebook container.
Finally, I was able to do it. Maybe it could be useful to someone, I'll try to explain.
In the notbook container, inside /home/picatrix/.ipython/profile_default/startup/ there are 2 files, 00-import.py and 10-widgets.py. I had to merge both into a single file and put it in C:\Users\user.ipython\profile_default\startup.
This allows that when a new notebook is created, this code is executed within this notebook and it is not necessary to execute imports and it is possible to create menus comfortably.
The functions of picatrix are great but I think that several of my colleagues will prefer more intuitive menus.
Thanks again for your help and for your awesome work!

[kiddinn]

ok, so that's what I was saying, inside the containers you'll have these files, but they are also inside the gihub repo and can be easily added to your own custom jupyter server... the relevant sections are:

(install nbextension)
$ jupyter nbextension enable snippets/main 

This will enable the snippet nbextension... then you can simply copy and/or change or simply create your own snippets file and store it inside:

$HOME/.local/share/jupyter/nbextensions/snippets/snippets.json

The current file is stored here

That's for snippets... the other files, the the files within $HOME/.ipython/profile_default/startup/ are python files that are executed upon startup of any jupyter shell you may start up. Those can also be adjusted/modified/etc at will. You don't have to merge them, this is a folder and all files within that folder get executed, in alpha order (hence the naming scheme of 00, 10, etc...) see files here

You can have this synced with your own, you can also build your own docker container upon the TS container if you so want/desire so that the changes that are made in that container are replicated to your own.

[jaegeral]

FAQ: Why do I not see the other Timesketch Notebooks?
A: Because the notebook is started in /tmp and bound to it.