Notebook vql_suggestions do not show up in client events notebooks

Question

Notebook vql_suggestions do not show up in client events notebooks

misje opened this issue a month ago · 4 comments

If I copy a notebook type vql_suggestion from a client artifact to a client event artifact, I expect it to work just the same: Show up as a suggestion in the "plus" menu. However, the list of suggestions is empty in the client events notebook.

Answer 1 · 2024-10-15T16:33:48.000Z

I can not replicate this - take the following client event artifact for example

name: Custom.TestEvent
type: CLIENT_EVENT

sources:
  - query: |
      SELECT Unix FROM clock()
    notebook:
    - type: vql_suggestion
      name: Get Info
      template: SELECT * FROM info()

After installing it into the client monitoring table, I can see the suggestion

Answer 2 · 2024-10-15T16:38:55.000Z

That example works for me too. Let me investigate a bit more and try to get a small, reproducible artifact.

Answer 3 · 2024-10-15T16:46:18.000Z

I think if you dont provide a name it uses the empty string for the name which makes it hard to see (it is actually still there but hard to click on).

Answer 4 · 2024-10-15T17:02:26.000Z

Deleting the notebook solved it. I needed a new notebook to get the suggestion to show up. I just couldn't find the delete button.