httpjson.yml.hbs
# httpjson input settings, written as a Handlebars template: the double-brace
# placeholders are substituted when the template is rendered.
config_version: "2"
interval: {{interval}}
# Optional request tracing to the ndjson files named below. HTTP traces can
# contain sensitive data, so enable this only while debugging and restrict
# access to the log directory.
# NOTE(review): confirm whether the Authorization header is redacted in the
# trace output of the Beats version in use.
{{#if enable_request_tracer}}
request.tracer.filename: "../../logs/httpjson/http-request-trace-*.ndjson"
{{/if}}
request.method: "GET"
# The Bearer token set under request.transforms is sent to this host, so
# api_url should be an https:// URL of the intended API endpoint.
request.url: {{api_url}}/audit/v1/logs
# The ssl value is rendered verbatim as the TLS settings of the request.
# NOTE(review): a value that relaxes certificate verification would expose
# the Bearer token to interception - review what is supplied here.
{{#if ssl}}
request.ssl: {{ssl}}
{{/if}}
{{#if http_client_timeout}}
request.timeout: {{http_client_timeout}}
{{/if}}
# NOTE(review): if the proxy URL embeds credentials they end up in the
# rendered configuration; handle that output as sensitive.
{{#if proxy_url }}
request.proxy_url: {{proxy_url}}
{{/if}}
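# Transforms applied to each outgoing request. The nesting of target/value
# under each list entry is restored here; with every key at column 0 the
# rendered output is not a valid list of transforms.
request.transforms:
# Authenticate with the configured OAuth token as a Bearer credential.
- set:
    target: header.Authorization
    value: "Bearer {{oauth_token}}"
# If the pagination is interrupted, then the last cursor
# is saved and sent in the request url to continue pagination.
# If pagination is complete, then the new request will have 'first_event'
# date as 'oldest' param and 'now' as 'latest' param
# NOTE(review): the branch below is a Handlebars condition, decided when the
# template is rendered rather than per request. Presumably 'cursor' is not
# among the render-time variables, in which case only the else branch is ever
# emitted - confirm against the package variables.
{{#if this.cursor.pagination_incomplete}}
- set:
    target: url.params.cursor
    value: '[[- .cursor.last_cursor -]]'
{{else}}
# Window start: the stored cursor date, falling back to now minus
# initial_interval through the default template.
- set:
    target: url.params.oldest
    value: '[[- .cursor.next_oldest_date -]]'
    default: '[[(now (parseDuration "-{{initial_interval}}")).Unix]]'
# Window end: the current Unix time.
- set:
    target: url.params.latest
    value: '[[(now).Unix]]'
{{/if}}
# Page size requested from the API.
- set:
    target: url.params.limit
    value: '[[{{limit}}]]'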
# Rate-limit reset time: the Retry-After header of the last response
# (converted with toInt) added to the current Unix time.
# NOTE(review): assumes Retry-After is a number of seconds - confirm.
request.rate_limit.reset: '[[ add (toInt (.last_response.header.Get "Retry-After")) ((now).Unix) ]]'
request.rate_limit.remaining: '0' # hardcoded to 0 since slack doesn't return remaining header only reset
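# Split each response into one event per element of body.entries.
# (Nesting restored: target must sit under response.split.)
response.split:
  target: body.entries
# Pagination: carry next_cursor from the last response into the next request
# and drop the time-window parameters, which are only sent on the first page.
response.pagination:
# NOTE(review): fail_on_template_error presumably ends pagination once the
# response no longer carries a next_cursor - confirm.
- set:
    target: url.params.cursor
    value: '[[.last_response.body.response_metadata.next_cursor]]'
    fail_on_template_error: true
- delete:
    target: url.params.oldest
- delete:
    target: url.params.latest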
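# Cursor values read back as .cursor.* by the request transforms.
# (Nesting restored: each entry and its value/fail_on_template_error keys
# must sit under cursor.)
# NOTE(review): next_cursor is read three different ways in this file (index,
# .Get, and dot access in response.pagination); confirm they all resolve the
# same way for response_metadata.
cursor:
  pagination_incomplete:
    # Use this flag to identify if an execution was interrupted in the middle
    # of a pagination cycle.
    value: '[[(index .last_response.body.response_metadata "next_cursor")]]'
    fail_on_template_error: true
  last_cursor:
    # Use this value to be able to resume from an interrupted pagination cycle.
    value: '[[.last_response.body.response_metadata.Get "next_cursor"]]'
    fail_on_template_error: true
  next_oldest_date:
    # In order to pick the next startDate we keep the first event (newest) date.
    value: "[[toInt .first_event.date_create]]"
    fail_on_template_error: true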
# Emit the 'tags:' key only when at least one entry follows it: the
# configured tags and/or the preserve_original_event marker.
{{#if tags.length}}
tags:
{{else if preserve_original_event}}
tags:
{{/if}}
{{#each tags as |tag i|}}
- {{tag}}
{{/each}}
{{#if preserve_original_event}}
- preserve_original_event
{{/if}}
# Rendered only when the contains helper finds "forwarded" in tags.
# NOTE(review): presumably this keeps the collecting host's metadata off
# forwarded events - confirm.
{{#contains "forwarded" tags}}
publisher_pipeline.disable_host: true
{{/contains}}
# The processors value is inserted verbatim under the key, so it must itself
# be valid YAML for a processors list.
{{#if processors}}
processors:
{{processors}}
{{/if}}