
web: Filtered log view for selected process with additional capability to filter by Method. #1035


Description

@psrok1

This issue is partially related to #1034.

In v0.19.0-alpha2 (PR #1025) I already implemented a new indexing that creates an index for each plugin and PID, indicating which blocks correspond to that specific process.

/var/lib/drakrun/analyses/b0d73b8b-bbe7-47cd-97ca-6657ae26b177/index# cat apimon.90.json
{"blocks": [[22106098, 22106576], [22140689, 22141190], [22148538, 22149016], [22150372, 22150850], [64069544, 64070460], [64070849, 64078132]], "values": ["LdrGetDllHandle", "LdrLoadDll"], "mapping": [0, 1, 0, 0, 0, 0]}

The index consists of files named <plugin>.<seqid>.json that contain the blocks, the Method values and the mapping between blocks and Method values. seqid is the process sequence id. The index is built by drakrun.analyzer.postprocessing.indexer.

The information is already exposed via the new endpoint /logs/<task_uid>/<log_type>/process/, which allows fetching the filtered log. This endpoint also accepts the filter= argument, which restricts entries to the given Method names.

Things that are missing on the backend side:

  • minor one: filter should be filter[] to indicate that this request query argument accepts multiple values
  • major one: we don't implement Range queries, which are needed to lazy-load the logs. The proper interface is already available in the drakrun.analyzer.postprocessing.indexer.scattered_read_file function, which accepts skip and length arguments
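The index shape, the filter[] selection and the skip/length Range semantics described above, worked through as an added example that is not drakrun's code. build_index, select_blocks, scattered_read and iter_pages are hypothetical names, SAMPLE_LOG is a constructed JSON-lines apimon log, and the way scattered_read applies skip and length to the concatenated filtered stream is an assumption about what scattered_read_file does, not a description of it.

```python
import json
from typing import Dict, Iterable, Iterator, List, Optional

# Constructed sample log: four JSON-lines apimon entries for one process.
# These records are made up for the example and are not real drakrun output.
SAMPLE_LOG = b"".join(
    json.dumps(rec).encode() + b"\n"
    for rec in [
        {"Method": "LdrGetDllHandle", "Arguments": ["kernel32.dll"]},
        {"Method": "LdrLoadDll", "Arguments": ["ntdll.dll"]},
        {"Method": "LdrGetDllHandle", "Arguments": ["user32.dll"]},
        {"Method": "LdrLoadDll", "Arguments": ["advapi32.dll"]},
    ]
)


def build_index(log: bytes, key: str = "Method") -> Dict:
    """Build an index in the <plugin>.<seqid>.json shape shown in the issue:
    "blocks" are [start, end) byte ranges of each entry, "values" the distinct
    Method names, and "mapping"[i] the position in "values" of blocks[i]."""
    blocks: List[List[int]] = []
    values: List[str] = []
    mapping: List[int] = []
    pos = 0
    for line in log.splitlines(keepends=True):
        start, end = pos, pos + len(line)
        pos = end
        value = json.loads(line).get(key)
        if value not in values:
            values.append(value)
        blocks.append([start, end])
        mapping.append(values.index(value))
    return {"blocks": blocks, "values": values, "mapping": mapping}


def select_blocks(index: Dict, methods: Optional[Iterable[str]] = None) -> List[List[int]]:
    """Blocks whose Method is in `methods` (all blocks when None): the
    server-side effect of the filter[]=... query arguments."""
    if methods is None:
        return list(index["blocks"])
    wanted = set(methods)
    value_ids = {i for i, v in enumerate(index["values"]) if v in wanted}
    return [b for b, m in zip(index["blocks"], index["mapping"]) if m in value_ids]


def scattered_read(log: bytes, blocks: List[List[int]], skip: int = 0,
                   length: Optional[int] = None) -> bytes:
    """Concatenate the given byte ranges, applying skip/length to the
    concatenated filtered stream. Assumed semantics (hypothetical stand-in
    for drakrun.analyzer.postprocessing.indexer.scattered_read_file)."""
    out = bytearray()
    for start, end in blocks:
        chunk = log[start:end]
        if skip >= len(chunk):  # whole block lies before the requested window
            skip -= len(chunk)
            continue
        chunk = chunk[skip:]
        skip = 0
        if length is not None:
            chunk = chunk[:length - len(out)]
        out += chunk
        if length is not None and len(out) >= length:
            break
    return bytes(out)


def iter_pages(log: bytes, index: Dict, methods: Optional[Iterable[str]] = None,
               page_size: int = 64) -> Iterator[List[Dict]]:
    """Lazy-load the filtered log in Range-sized pages. A page that ends
    mid-entry is trimmed to its last complete line and the next request
    resumes there, so a Range boundary never splits a JSON record."""
    blocks = select_blocks(index, methods)
    total = sum(end - start for start, end in blocks)
    skip = 0
    while skip < total:
        data = scattered_read(log, blocks, skip, page_size)
        head, sep, _partial = data.rpartition(b"\n")
        if skip + len(data) >= total:  # final page: the tail is a complete entry
            head, sep = data, b""
        elif not sep:                  # window smaller than one entry: widen it
            page_size *= 2
            continue
        yield [json.loads(line) for line in head.split(b"\n") if line]
        skip += len(head) + len(sep)   # resume right after the last full line


if __name__ == "__main__":
    idx = build_index(SAMPLE_LOG)
    print(json.dumps(idx))
    for page in iter_pages(SAMPLE_LOG, idx, ["LdrLoadDll"], page_size=64):
        print(page)
```

The part worth carrying into a real Range implementation is the trim in iter_pages: skip and length are byte offsets into the filtered stream, so the client has to resume from the end of the last complete line rather than from skip + length, otherwise the next page starts with half a JSON record.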

The thing that is obviously missing on the frontend side is a component that allows using this API. It could be similar to the "General logs" one:
Image

but with information related only to the selected process. Another nice addition would be a multiselect input that allows picking Method values for additional filtering. We can reuse the same component that is used for picking Plugins:

Image

Labels: enhancement (New feature or request)