diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 81f3d944eaf..f96b5030e5b 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -716,6 +716,7 @@ field. You can revert this change by configuring tags for the module and omittin - New juniper.srx dataset for Juniper SRX logs. {pull}20017[20017] - Adding support for Microsoft 365 Defender (Microsoft Threat Protection) {pull}21446[21446] - Adding support for FIPS in s3 input {pull}21446[21446] +- Update Okta documentation for new stateful restarts. {pull}22091[22091] *Heartbeat* diff --git a/filebeat/docs/modules/okta.asciidoc b/filebeat/docs/modules/okta.asciidoc index 038f6d088dd..d1f8e6ea2ec 100644 --- a/filebeat/docs/modules/okta.asciidoc +++ b/filebeat/docs/modules/okta.asciidoc @@ -32,12 +32,6 @@ the logs while honoring any https://developer.okta.com/docs/reference/rate-limits/[rate-limiting] headers sent by Okta. -NOTE: This module does not persist the timestamp of the last read event in -order to facilitate resuming on restart. This feature will be coming in a future -version. When you restart the module will read events from the beginning of the -log. To minimize duplicates documents the module uses the event's Okta UUID -value as the Elasticsearch `_id`. - This is an example configuration for the module. [source,yaml] @@ -99,6 +93,15 @@ information. supported_protocols: [TLSv1.2] ---- +*`var.initial_interval`*:: + +An initial interval can be defined. The first time the module starts, will fetch events from the current moment minus the initial interval value. Following restarts will fetch events starting from the last event read. It defaults to `24h`. ++ +[source,yaml] +---- + var.initial_interval: 24h # will fetch events starting 24h ago. +---- + [float] === Example dashboard diff --git a/x-pack/filebeat/module/okta/_meta/docs.asciidoc b/x-pack/filebeat/module/okta/_meta/docs.asciidoc index 1ea5cc6a66d..297a8644987 100644 --- a/x-pack/filebeat/module/okta/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/okta/_meta/docs.asciidoc @@ -27,12 +27,6 @@ the logs while honoring any https://developer.okta.com/docs/reference/rate-limits/[rate-limiting] headers sent by Okta. -NOTE: This module does not persist the timestamp of the last read event in -order to facilitate resuming on restart. This feature will be coming in a future -version. When you restart the module will read events from the beginning of the -log. To minimize duplicates documents the module uses the event's Okta UUID -value as the Elasticsearch `_id`. - This is an example configuration for the module. [source,yaml] @@ -94,6 +88,15 @@ information. supported_protocols: [TLSv1.2] ---- +*`var.initial_interval`*:: + +An initial interval can be defined. The first time the module starts, will fetch events from the current moment minus the initial interval value. Following restarts will fetch events starting from the last event read. It defaults to `24h`. ++ +[source,yaml] +---- + var.initial_interval: 24h # will fetch events starting 24h ago. +---- + [float] === Example dashboard