From 2c204fd8e6031ce691d2ded86de1bf3f82ce769d Mon Sep 17 00:00:00 2001
From: Sergey Kolupaev <skolupaev@keepersecurity.com>
Date: Fri, 2 Nov 2018 16:11:17 -0700
Subject: [PATCH] Bug fix: Export audit events to Splunk

---
 keepercommander/commands/enterprise.py | 31 +++++++++++++-------------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/keepercommander/commands/enterprise.py b/keepercommander/commands/enterprise.py
index 2ab060d7e..2bd70ee13 100644
--- a/keepercommander/commands/enterprise.py
+++ b/keepercommander/commands/enterprise.py
@@ -1128,22 +1128,21 @@ def execute(self, params, **kwargs):
 
             if len(events) == 0:
                 finished = True
-            if finished or len(events) >= 500:
-                if len(events) > 0:
-                    if target == 'splunk':
-                        auth = { 'Authorization': 'Splunk {0}'.format(props['token']) }
-                        try:
-                            logging.captureWarnings(True)
-                            rs = requests.post(props['hec_url'], data='\n'.join(events), headers=auth, verify=False)
-                        finally:
-                            logging.captureWarnings(False)
-
-                        if rs.status_code == 200:
-                            store_record = True
-                        else:
-                            finished = True
-                    count += len(events)
-                    events.clear()
+            if len(events) > 0:
+                if target == 'splunk':
+                    auth = { 'Authorization': 'Splunk {0}'.format(props['token']) }
+                    try:
+                        logging.captureWarnings(True)
+                        rs = requests.post(props['hec_url'], data='\n'.join(events), headers=auth, verify=False)
+                    finally:
+                        logging.captureWarnings(False)
+
+                    if rs.status_code == 200:
+                        store_record = True
+                    else:
+                        finished = True
+                count += len(events)
+                events.clear()
 
         if store_record:
             print('Exported {0} audit event{1}'.format(count, 's' if count != 1 else ''))