diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index ae48f268977..99008bf7181 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -640,6 +640,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Adding support for FIPS in s3 input {pull}21446[21446] - Add SSL option to checkpoint module {pull}19560[19560] - Add max_number_of_messages config into s3 input. {pull}21993[21993] +- Update Okta documentation for new stateful restarts. {pull}22091[22091] *Heartbeat* diff --git a/filebeat/docs/modules/okta.asciidoc b/filebeat/docs/modules/okta.asciidoc index 038f6d088dd..d1f8e6ea2ec 100644 --- a/filebeat/docs/modules/okta.asciidoc +++ b/filebeat/docs/modules/okta.asciidoc @@ -32,12 +32,6 @@ the logs while honoring any https://developer.okta.com/docs/reference/rate-limits/[rate-limiting] headers sent by Okta. -NOTE: This module does not persist the timestamp of the last read event in -order to facilitate resuming on restart. This feature will be coming in a future -version. When you restart the module will read events from the beginning of the -log. To minimize duplicates documents the module uses the event's Okta UUID -value as the Elasticsearch `_id`. - This is an example configuration for the module. [source,yaml] @@ -99,6 +93,15 @@ information. supported_protocols: [TLSv1.2] ---- +*`var.initial_interval`*:: + +An initial interval can be defined. The first time the module starts, will fetch events from the current moment minus the initial interval value. Following restarts will fetch events starting from the last event read. It defaults to `24h`. ++ +[source,yaml] +---- + var.initial_interval: 24h # will fetch events starting 24h ago. +---- + [float] === Example dashboard diff --git a/x-pack/filebeat/module/okta/_meta/docs.asciidoc b/x-pack/filebeat/module/okta/_meta/docs.asciidoc index 1ea5cc6a66d..297a8644987 100644 --- a/x-pack/filebeat/module/okta/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/okta/_meta/docs.asciidoc @@ -27,12 +27,6 @@ the logs while honoring any https://developer.okta.com/docs/reference/rate-limits/[rate-limiting] headers sent by Okta. -NOTE: This module does not persist the timestamp of the last read event in -order to facilitate resuming on restart. This feature will be coming in a future -version. When you restart the module will read events from the beginning of the -log. To minimize duplicates documents the module uses the event's Okta UUID -value as the Elasticsearch `_id`. - This is an example configuration for the module. [source,yaml] @@ -94,6 +88,15 @@ information. supported_protocols: [TLSv1.2] ---- +*`var.initial_interval`*:: + +An initial interval can be defined. The first time the module starts, will fetch events from the current moment minus the initial interval value. Following restarts will fetch events starting from the last event read. It defaults to `24h`. ++ +[source,yaml] +---- + var.initial_interval: 24h # will fetch events starting 24h ago. +---- + [float] === Example dashboard