proofpoint_tap: improve clarity of agent config

packages/proofpoint_tap/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.24.0"
+  changes:
+    - description: Improve clarity of agent behavior configuration.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/11361
 - version: "1.23.0"
   changes:
     - description: Set default search period to one day.

packages/proofpoint_tap/data_stream/clicks_blocked/agent/stream/httpjson.yml.hbs

@@ -20,12 +20,36 @@ request.transforms:
       value: json
   - set:
       target: url.params.interval
-      value: '[[if (le (formatDate ((parseDate .cursor.last_received_time "RFC3339").Add (parseDuration "1h"))) (formatDate (now)))]][[formatDate (parseDate .cursor.last_received_time "RFC3339")]]/[[formatDate ((parseDate .cursor.last_received_time "RFC3339").Add (parseDuration "1h"))]][[else]][[formatDate (parseDate .cursor.last_received_time "RFC3339")]]/[[formatDate now]][[end]]'
-      default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]/[[formatDate ((now (parseDuration "-{{initial_interval}}")).Add (parseDuration "1h"))]]'
+      value: |-
+        [[- $last := (parseDate .cursor.last_received_time "RFC3339") -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($last .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $last ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $last ]]/[[ formatDate now -]]
+        [[- end -]]
+      default: |-
+        [[- $start := (now (parseDuration "-{{initial_interval}}")) -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($start .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $start ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $start ]]/[[ formatDate now -]]
+        [[- end -]]
 response.pagination:
   - set:
       target: url.params.interval
-      value: '[[if (le (formatDate ((parseDate .last_response.body.queryEndTime "RFC3339").Add (parseDuration "1h"))) (formatDate (now)))]][[formatDate (parseDate .last_response.body.queryEndTime "RFC3339")]]/[[formatDate ((parseDate .last_response.body.queryEndTime "RFC3339").Add (parseDuration "1h"))]][[end]]'
+      value: |-
+        [[- $last := (parseDate .last_response.body.queryEndTime "RFC3339") -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($last .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $last ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $last ]]/[[ formatDate now -]]
+        [[- end -]]
       fail_on_template_error: true
 cursor:
   last_received_time:

packages/proofpoint_tap/data_stream/clicks_permitted/agent/stream/httpjson.yml.hbs

@@ -20,12 +20,36 @@ request.transforms:
       value: json
   - set:
       target: url.params.interval
-      value: '[[if (le (formatDate ((parseDate .cursor.last_received_time "RFC3339").Add (parseDuration "1h"))) (formatDate (now)))]][[formatDate (parseDate .cursor.last_received_time "RFC3339")]]/[[formatDate ((parseDate .cursor.last_received_time "RFC3339").Add (parseDuration "1h"))]][[else]][[formatDate (parseDate .cursor.last_received_time "RFC3339")]]/[[formatDate now]][[end]]'
-      default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]/[[formatDate ((now (parseDuration "-{{initial_interval}}")).Add (parseDuration "1h"))]]'
+      value: |-
+        [[- $last := (parseDate .cursor.last_received_time "RFC3339") -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($last .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $last ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $last ]]/[[ formatDate now -]]
+        [[- end -]]
+      default: |-
+        [[- $start := (now (parseDuration "-{{initial_interval}}")) -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($start .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $start ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $start ]]/[[ formatDate now -]]
+        [[- end -]]
 response.pagination:
   - set:
       target: url.params.interval
-      value: '[[if (le (formatDate ((parseDate .last_response.body.queryEndTime "RFC3339").Add (parseDuration "1h"))) (formatDate (now)))]][[formatDate (parseDate .last_response.body.queryEndTime "RFC3339")]]/[[formatDate ((parseDate .last_response.body.queryEndTime "RFC3339").Add (parseDuration "1h"))]][[end]]'
+      value: |-
+        [[- $last := (parseDate .last_response.body.queryEndTime "RFC3339") -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($last .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $last ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $last ]]/[[ formatDate now -]]
+        [[- end -]]
       fail_on_template_error: true
 cursor:
   last_received_time:

packages/proofpoint_tap/data_stream/message_blocked/agent/stream/httpjson.yml.hbs

@@ -20,12 +20,36 @@ request.transforms:
       value: json
   - set:
       target: url.params.interval
-      value: '[[if (le (formatDate ((parseDate .cursor.last_received_time "RFC3339").Add (parseDuration "1h"))) (formatDate (now)))]][[formatDate (parseDate .cursor.last_received_time "RFC3339")]]/[[formatDate ((parseDate .cursor.last_received_time "RFC3339").Add (parseDuration "1h"))]][[else]][[formatDate (parseDate .cursor.last_received_time "RFC3339")]]/[[formatDate now]][[end]]'
-      default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]/[[formatDate ((now (parseDuration "-{{initial_interval}}")).Add (parseDuration "1h"))]]'
+      value: |-
+        [[- $last := (parseDate .cursor.last_received_time "RFC3339") -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($last .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $last ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $last ]]/[[ formatDate now -]]
+        [[- end -]]
+      default: |-
+        [[- $start := (now (parseDuration "-{{initial_interval}}")) -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($start .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $start ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $start ]]/[[ formatDate now -]]
+        [[- end -]]
 response.pagination:
   - set:
       target: url.params.interval
-      value: '[[if (le (formatDate ((parseDate .last_response.body.queryEndTime "RFC3339").Add (parseDuration "1h"))) (formatDate (now)))]][[formatDate (parseDate .last_response.body.queryEndTime "RFC3339")]]/[[formatDate ((parseDate .last_response.body.queryEndTime "RFC3339").Add (parseDuration "1h"))]][[end]]'
+      value: |-
+        [[- $last := (parseDate .last_response.body.queryEndTime "RFC3339") -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($last .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $last ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $last ]]/[[ formatDate now -]]
+        [[- end -]]
       fail_on_template_error: true
 cursor:
   last_received_time:

packages/proofpoint_tap/data_stream/message_delivered/agent/stream/httpjson.yml.hbs

@@ -20,12 +20,36 @@ request.transforms:
       value: json
   - set:
       target: url.params.interval
-      value: '[[if (le (formatDate ((parseDate .cursor.last_received_time "RFC3339").Add (parseDuration "1h"))) (formatDate (now)))]][[formatDate (parseDate .cursor.last_received_time "RFC3339")]]/[[formatDate ((parseDate .cursor.last_received_time "RFC3339").Add (parseDuration "1h"))]][[else]][[formatDate (parseDate .cursor.last_received_time "RFC3339")]]/[[formatDate now]][[end]]'
-      default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]/[[formatDate ((now (parseDuration "-{{initial_interval}}")).Add (parseDuration "1h"))]]'
+      value: |-
+        [[- $last := (parseDate .cursor.last_received_time "RFC3339") -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($last .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $last ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $last ]]/[[ formatDate now -]]
+        [[- end -]]
+      default: |-
+        [[- $start := (now (parseDuration "-{{initial_interval}}")) -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($start .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $start ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $start ]]/[[ formatDate now -]]
+        [[- end -]]
 response.pagination:
   - set:
       target: url.params.interval
-      value: '[[if (le (formatDate ((parseDate .last_response.body.queryEndTime "RFC3339").Add (parseDuration "1h"))) (formatDate (now)))]][[formatDate (parseDate .last_response.body.queryEndTime "RFC3339")]]/[[formatDate ((parseDate .last_response.body.queryEndTime "RFC3339").Add (parseDuration "1h"))]][[end]]'
+      value: |-
+        [[- $last := (parseDate .cursor.last_received_time "RFC3339") -]]
+        [[- $hour := (parseDuration "1h") -]]
+        [[- $end := ($last .Add $hour) -]]
+        [[- if ($end .Before now) -]]
+          [[- formatDate $last ]]/[[ formatDate $end -]]
+        [[- else -]]
+          [[- formatDate $last ]]/[[ formatDate now -]]
+        [[- end -]]
       fail_on_template_error: true
 cursor:
   last_received_time:

packages/proofpoint_tap/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: proofpoint_tap
 title: Proofpoint TAP
-version: "1.23.0"
+version: "1.24.0"
 description: Collect logs from Proofpoint TAP with Elastic Agent.
 type: integration
 categories: