[bug] search command results are not identical

[YamatoSecurity]

Describe the bug
When saving the results of the search command, the file size and total findings are the same

Step to Reproduce

./hayabusa-3.1-main search -d ../hayabusa-sample-evtx -k a -o main-test.csv
./hayabusa-3.1-main search -d ../hayabusa-sample-evtx -k a -o main-test2.csv
md5 main-test.csv
MD5 (main-test.csv) = 7a0259cfa17abf618537ed498d35dc8f
md5 main-test2.csv
MD5 (main-test2.csv) = 4813fda19b56be21b1bbcd2ab50b76a5

When I ran diff it seems that the events are changing order. (Total findings and file size are the same)

Ex:

< "2019-09-23 18:18:44.000 +09:00","-","User-PC","App",1040,3309,"Data[1]: C:\MSOCache\All Users\{90140000-00BA-0419-0000-0000000FF1CE}-C\GrooveMUI.msi ¦ Data[2]: 3700 ¦ Data[3]: (NULL) ¦ Data[4]: (NULL) ¦ Data[5]: (NULL) ¦ Data[6]: (NULL) ¦ Data[7]:","../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/rogue_msi_url_1040_1042.evtx"
---
> "2019-09-23 18:18:42.000 +09:00","-","User-PC","App",1042,3304,"Data[1]: C:\MSOCache\All Users\{90140000-0017-0419-0000-0000000FF1CE}-C\SharePointDesignerMUI.msi ¦ Data[2]: 3700 ¦ Data[3]: (NULL) ¦ Data[4]: (NULL) ¦ Data[5]: (NULL) ¦ Data[6]: ^C (NULL) ¦ Data[6]: (NULL) ¦ Data[7]:","../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/rogue_msi_url_1040_1042.evtx"

Expected behavior
The results should be exactly the same.

Environment (please complete the following information):

• OS: 3.1-dev mac

Additional context

This could be due to multiple results with the exact same timestamp. After sorting by timestamp, we may need to sort by Computer, Channel and RecordID. I think we do something similar to avoid this issue in the csv-timeline command.

@fukusuket Since you are our bug hunting expert, would you mind looking into this issue?

[fukusuket]

Yes! I would love to look into!!💪