A community user spotted this issue while working with logs from the Zeek SPL-SPT package as described in the join cookbook (#1430). Repro is with a nightly build based on Brim commit 664840a8.

One of the quirks of the SPL-SPT package is that it generates points that lack a ts timestamp field. It's for this reason that I used it as an example in the join cookbook, since it's a good candidate for joining to other records that do have ts timestamps. However, not all users will know that ts-free records currently pose a unique challenge in Brim. They just think of Brim as the app that can handle all Zeek TSV logs you throw at it.

What we observed is that if only the spl.log.gz (attached) is dragged into Brim, the time picker defaults to "epoch zero" time and the points show up ok.

However, if we drag that spl.log.gz as well as another Zeek log such as conn.log.gz (attached) now the time picker is set to the range of that log and the spl events effectively become invisible.

If I happen to know what's going on and manually set the start point of the time picker to epoch zero, then I get to see them. But I would not expect our users to know about this.

We know we need to do other work to make these kinds of ts-free events easier to work with in the app. But since at least one user has already bumped into it, we might want to see if we can take some interim step to reduce the likelihood of users floating it as a bug.