From 496986e6f7d1da3b76781c0e903c126b25c3b0f2 Mon Sep 17 00:00:00 2001
From: Alexander J
Date: Tue, 30 Oct 2018 15:13:14 +0100
Subject: [PATCH 1/3] First shot on https://github.com/google/timesketch/issues/691 Not yet ready to merge
---
 .../python/timesketch_api_client/client.py | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/api_client/python/timesketch_api_client/client.py b/api_client/python/timesketch_api_client/client.py
index c01789758f..f9f0fe222f 100644
--- a/api_client/python/timesketch_api_client/client.py
+++ b/api_client/python/timesketch_api_client/client.py
@@ -512,6 +512,27 @@ def search_by_label(self, label_name):
 }
 return self.explore(query_dsl=json.dumps({'query': query}))
+ def add_event(self, message, timestamp):
+ """Adds an event to the sketch specific timeline.
+
+ Args:
+ message: Array of JSON objects representing events.
+ timestamp: Timestamp of the event.
+ timestamp_desc : Description of the timestamp.
+
+ Returns:
+ Dictionary with query results.
+ """
+ form_data = {
+ 'timestamp': timestamp,
+ 'timestamp_desc': 'test',
+ 'message': message
+ }
+
+ resource_url = u'{0:s}/sketches/{1:d}/event/create/'.format(
+ self.api.api_root, self.id)
+ response = self.api.session.post(resource_url, json=form_data)
+ return response.json()
 class SearchIndex(BaseResource):
 """Timesketch searchindex object.
From c666415c892c6c184b104a224933eb3316910eab Mon Sep 17 00:00:00 2001
From: Alexander J
Date: Wed, 31 Oct 2018 12:30:07 +0100
Subject: [PATCH 2/3] Update client.py
---
 api_client/python/timesketch_api_client/client.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/api_client/python/timesketch_api_client/client.py b/api_client/python/timesketch_api_client/client.py
index f9f0fe222f..ebb7ba9a0e 100644
--- a/api_client/python/timesketch_api_client/client.py
+++ b/api_client/python/timesketch_api_client/client.py
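Review bot: add_event in PATCH 1/3 returns `response.json()` without looking at the HTTP status, so a rejected or failed request either raises a bare ValueError on a non-JSON error body or hands the caller an error payload that looks like a successful insert. For a client that writes into an investigation timeline, an event that was not stored should fail loudly; adding `response.raise_for_status()` on the line before the return would do that, assuming `self.api.session` is a requests session as the `post(..., json=...)` call suggests. The docstring's `Returns: Dictionary with query results.` also does not describe this method; `Dictionary with the API response to the create request.` would match what the code returns.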
@@ -512,7 +512,7 @@ def search_by_label(self, label_name):
 }
 return self.explore(query_dsl=json.dumps({'query': query}))
- def add_event(self, message, timestamp):
+ def add_event(self, message, timestamp, timestamp_desc):
 """Adds an event to the sketch specific timeline.
 Args:
@@ -525,7 +525,7 @@ def add_event(self, message, timestamp):
 """
 form_data = {
 'timestamp': timestamp,
- 'timestamp_desc': 'test',
+ 'timestamp_desc': timestamp_desc,
 'message': message
 }
From f0984d9e63cb835b43653cf92591298714fad8b0 Mon Sep 17 00:00:00 2001
From: Johan Berggren
Date: Tue, 6 Nov 2018 07:56:03 +0100
Subject: [PATCH 3/3] makes sense
Co-Authored-By: deralexxx
---
 api_client/python/timesketch_api_client/client.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api_client/python/timesketch_api_client/client.py b/api_client/python/timesketch_api_client/client.py
index ebb7ba9a0e..d9da2bdfb2 100644
--- a/api_client/python/timesketch_api_client/client.py
+++ b/api_client/python/timesketch_api_client/client.py
@@ -517,7 +517,7 @@ def add_event(self, message, timestamp, timestamp_desc):
 Args:
 message: Array of JSON objects representing events.
- timestamp: Timestamp of the event.
+ timestamp: Micro seconds since 1970-01-01 00:00:00.
 timestamp_desc : Description of the timestamp.
 Returns:
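Review bot: `timestamp` and `timestamp_desc` are placed into `form_data` exactly as the caller passed them (second hunk of PATCH 2/3), with no client-side check that the timestamp is the integer microsecond value the PATCH 3/3 docstring describes. A datetime object or a formatted string would be posted as-is, and whether the server rejects it is not visible here; in a forensic timeline a misplaced event is worse than a refused one. Coercing at the boundary with `'timestamp': int(timestamp),` would at least turn non-numeric input into an immediate TypeError or ValueError, though it cannot tell seconds from microseconds, so the unit still deserves a sentence in the docstring such as `timestamp: Integer, microseconds since 1970-01-01 00:00:00 UTC.` (UTC is my assumption; confirm against the server). The body of add_event starts and ends outside these hunks.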