Commit 1289a1d
proofpoint_on_demand: add sinceTime cursor to message stream

Track the ts timestamp from each message event and pass it as the
sinceTime query parameter on WebSocket reconnection. This allows the
agent to resume from its last position rather than relying on the
API's default replay behaviour, which only covers the most recent
hour of data [1].

The ts values have microsecond resolution while the API documentation
specifies millisecond resolution for sinceTime. We pass the
microsecond value through unchanged because at least one other
integration (logrhythm-proofpoint-on-demand [2]) does the same
successfully.

Only the message data stream is changed here. The mail and audit
streams use the same API endpoint and likely support sinceTime too,
but there is no direct evidence confirming that events are delivered
in ascending ts order for those stream types.

[1] https://docs.cyderes.cloud/files/proofpoint-on-demand-log-api-rev-c.pdf
[2] https://github.com/jpsutton/logrhythm-proofpoint-on-demand

1 parent 9d43ae1 commit 1289a1d
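The cursor behaviour the commit message describes, sketched in Go as an added example (not code from this commit or from the integration). The `Cursor` type, the `stream.example.invalid` host, the RFC 3339 form of `ts`, and the `truncate` option that rounds the value down to milliseconds are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"time"
)

// Cursor remembers the newest ts seen: raw as received, parsed for ordering.
type Cursor struct {
	raw    string
	parsed time.Time
}

// Observe keeps ts only if it parses and is newer than the stored cursor.
func (c *Cursor) Observe(ts string) error {
	t, err := time.Parse(time.RFC3339Nano, ts) // assumed ts format
	if err != nil {
		return fmt.Errorf("ignoring ts %q: %w", ts, err)
	}
	if c.raw == "" || t.After(c.parsed) {
		c.raw, c.parsed = ts, t
	}
	return nil
}

// ReconnectURL sets sinceTime on base: the raw microsecond ts when truncate
// is false, or the value rounded down to milliseconds when it is true.
func (c *Cursor) ReconnectURL(base string, truncate bool) (string, error) {
	u, err := url.Parse(base)
	if err != nil || c.raw == "" {
		return base, err // first connect: no cursor yet, URL unchanged
	}
	v := c.raw
	if truncate {
		v = c.parsed.Truncate(time.Millisecond).Format("2006-01-02T15:04:05.000Z07:00")
	}
	q := u.Query()
	q.Set("sinceTime", v)
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	var c Cursor
	for _, ts := range []string{"2024-05-01T10:00:02.654321Z", "2024-05-01T10:00:01.000000Z", "n/a"} {
		_ = c.Observe(ts) // constructed samples: newest, out-of-order, malformed
	}
	fmt.Println(c.ReconnectURL("wss://stream.example.invalid/v1/stream?type=message", false))
}
```

Keeping the maximum rather than the last value seen is what makes the cursor safe when event order is not guaranteed, which is the concern the commit message raises for the mail and audit streams.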
3 files changed, +14 -1 lines changed
- packages/proofpoint_on_demand
- data_stream/message/agent/stream
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
2 | 7 | | |
3 | 8 | | |
4 | 9 | | |
| |||
Lines changed: 8 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
2 | 7 | | |
3 | 8 | | |
4 | 9 | | |
5 | 10 | | |
6 | 11 | | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
7 | 15 | | |
8 | 16 | | |
9 | 17 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | 3 | | |
4 | | - | |
| 4 | + | |
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
| |||