- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Add-on Builder Checkpoint issues
Hello,
I'm creating a REST input for my Add-on, the REST call goes like this
https://api.domain.com/get/me/logs?oldest=<date+time in epoch (secs)>
My Events look something like this:
{"events": [ { "date": 1561939200, "id": "1234-6678-09982", "data": "Someone did something to this setting"}, { "date": 1561939100, "id": "1234-6678-09982", "data": "Someone else did something to this other setting"}, {...}]}
So my checkpoint path is events[0].date since the first event in the array is the latest one.
I set the interval for 300 sec (5 min)
But when ever the Script runs again, it repeats the last event and grab the new ones after, in that example I would find { "date": 1561939200, "id": "1234-6678-09982", "data": "Someone did something to this setting"} twice in Splunk.
How can I make it increment so it won't index the last event again?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm having the same issues, any resolution?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you increment the checkpoint number by one before saving it using the helper functions in the add-on builder? This should prevent it from getting the last event multiple times when there are no new events after the last checkpoint.
