elastic · taylor-swanson · Sep 18, 2023 · Sep 13, 2023 · Sep 13, 2023 · Sep 14, 2023
@@ -17,8 +17,10 @@ rules:
     request_headers:
       authorization: Basic dGVzdC51c2VyOmFiYzEyMw==
     query_params:
-      from: "{from:.*}"
-      to: "{to:.*}"
+      from: >-
+        {from:[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(?:\.[0-9]{1,3})?(?:(?:[+-][0-9]{4})|Z)?}
+      to: >-
+        {to:[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(?:\.[0-9]{1,3})?(?:(?:[+-][0-9]{4})|Z)?}
       limit: "2"
     responses:
       - status_code: 200
@@ -30,8 +32,8 @@ rules:
     request_headers:
       authorization: Basic dGVzdC51c2VyOmFiYzEyMw==
     query_params:
-      startDate: "{startDate:.*}"
-      endDate: "{endDate:.*}"
+      startDate: "{startDate:[0-9]+}"
+      endDate: "{endDate:[0-9]+}"
       start: "2"
       limit: "2"
     responses:
@@ -43,8 +45,8 @@ rules:
     request_headers:
       authorization: Basic dGVzdC51c2VyOmFiYzEyMw==
     query_params:
-      startDate: "{startDate:.*}"
-      endDate: "{endDate:.*}"
+      startDate: "{startDate:[0-9]+}"
+      endDate: "{endDate:[0-9]+}"
       limit: "2"
       start: "0"
     responses:

@@ -4,4 +4,4 @@
 {"affectedObjects":[{"id":"2c9580827d4a06e8017d4a0e9dda0001","name":"Another User","type":"User"}],"auditType":{"action":"User created","actionI18nKey":"audit.logging.summary.user.created","area":"USER_MANAGEMENT","category":"Users and groups","categoryI18nKey":"audit.logging.category.user.management","level":"BASE"},"author":{"id":"2c9580827d4a06e8017d4a07c3e10000","name":"test.user","type":"user"},"changedValues":[{"i18nKey":"Display name","key":"Display name","to":"Another User"},{"i18nKey":"Email","key":"Email","to":"[email protected]"},{"i18nKey":"Username","key":"Username","to":"another.user"},{"i18nKey":"Active","key":"Active","to":"Yes"}],"extraAttributes":[],"method":"Browser","source":"81.2.69.143","system":"http://confluence.internal:8090","timestamp":{"epochSecond":1637625013,"nano":842000000},"version":"1.0"}
 {"affectedObjects":[{"id":"confluence-users","name":"confluence-users","type":"Group"},{"id":"2c9580827d4a06e8017d4a0e9dda0001","name":"another.user","type":"User"}],"auditType":{"action":"User added to group","actionI18nKey":"audit.logging.summary.group.membership.added","area":"USER_MANAGEMENT","category":"Users and groups","categoryI18nKey":"audit.logging.category.user.management","level":"BASE"},"author":{"id":"2c9580827d4a06e8017d4a07c3e10000","name":"test.user","type":"user"},"changedValues":[],"extraAttributes":[],"method":"Browser","source":"81.2.69.143","system":"http://confluence.internal:8090","timestamp":{"epochSecond":1637625013,"nano":966000000},"version":"1.0"}
 {"affectedObjects":[{"id":"confluence-administrators","name":"confluence-administrators","type":"Group"},{"id":"2c9580827d4a06e8017d4a0e9dda0001","name":"another.user","type":"User"}],"auditType":{"action":"User added to group","actionI18nKey":"audit.logging.summary.group.membership.added","area":"USER_MANAGEMENT","category":"Users and groups","categoryI18nKey":"audit.logging.category.user.management","level":"BASE"},"author":{"id":"2c9580827d4a06e8017d4a07c3e10000","name":"test.user","type":"user"},"changedValues":[],"extraAttributes":[],"method":"Browser","source":"81.2.69.143","system":"http://confluence.internal:8090","timestamp":{"epochSecond":1637625032,"nano":205000000},"version":"1.0"}
-{"affectedObjects":[],"auditType":{"action":"Audit Log search performed","actionI18nKey":"atlassian.audit.event.action.audit.search","area":"AUDIT_LOG","category":"Auditing","categoryI18nKey":"atlassian.audit.event.category.audit","level":"BASE"},"author":{"id":"2c9580827d4a06e8017d4a07c3e10000","name":"test.user","type":"user"},"changedValues":[],"extraAttributes":[{"name":"Results returned","nameI18nKey":"atlassian.audit.event.attribute.results","value":"63"},{"name":"Query","nameI18nKey":"atlassian.audit.event.attribute.query","value":""},{"name":"ID Range","nameI18nKey":"atlassian.audit.event.attribute.id","value":"1 - 63"},{"name":"Timestamp Range","nameI18nKey":"atlassian.audit.event.attribute.timestamp","value":"2021-11-22T23:42:45.791Z - 2021-11-22T23:50:32.205Z"}],"method":"Browser","source":"81.2.69.143","system":"http://confluence.internal:8090","timestamp":{"epochSecond":1637625035,"nano":770000000},"version":"1.0"}
+{"affectedObjects":[],"auditType":{"action":"Audit Log search performed","actionI18nKey":"atlassian.audit.event.action.audit.search","area":"AUDIT_LOG","category":"Auditing","categoryI18nKey":"atlassian.audit.event.category.audit","level":"BASE"},"author":{"id":"2c9580827d4a06e8017d4a07c3e10000","name":"test.user","type":"user"},"changedValues":[],"extraAttributes":[{"name":"Results returned","nameI18nKey":"atlassian.audit.event.attribute.results","value":"63"},{"name":"Query","nameI18nKey":"atlassian.audit.event.attribute.query","value":""},{"name":"ID Range","nameI18nKey":"atlassian.audit.event.attribute.id","value":"1 - 63"},{"name":"Timestamp Range","nameI18nKey":"atlassian.audit.event.attribute.timestamp","value":"2021-11-22T23:42:45.791Z - 2021-11-22T23:50:32.205Z"}],"method":"Browser","source":"81.2.69.143","system":"http://confluence.internal:8090","timestamp":{"epochSecond":1637625035,"nano":770000000},"version":"1.0"}
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.16.2"
+  changes:
+    - description: Ensure pagination request timestamps are properly encoded.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/7802
 - version: "1.16.1"
   changes:
     - description: Fixed cursor timestamp handling.

@@ -12,3 +12,5 @@ data_stream:
       verification_mode: none
     atlassian_cloud: true
     enable_request_tracer: true
+assert:
+  hit_count: 4
@@ -11,3 +11,5 @@ data_stream:
     ssl: |-
       verification_mode: none
     enable_request_tracer: true
+assert:
+  hit_count: 4
@@ -6,3 +6,5 @@ data_stream:
       - "{{SERVICE_LOGS_DIR}}/*.log"
     preserve_original_event: true
     enable_request_tracer: true
+assert:
+  hit_count: 7
@@ -50,16 +50,17 @@ response.split:
 
 response.pagination:
   - set:
-      target: url.value
-      value: >
-        [[sprintf "%s/wiki/rest/api/audit?endDate=%s&startDate=%s&start=%d&limit=%s"
-        "{{api_url}}"
-        (.last_response.url.params.Get "endDate")
-        (.last_response.url.params.Get "startDate")
-        (add (toInt .last_response.body.start) (toInt .last_response.body.limit))
-        "{{ limit }}"]]
-      fail_on_template_error: true
-
+      target: url.params.endDate
+      value: '[[.last_response.url.params.Get "endDate"]]'
+  - set:
+      target: url.params.startDate
+      value: '[[.last_response.url.params.Get "startDate"]]'
+  - set:
+      target: url.params.start
+      value: '[[add (toInt .last_response.body.start) (toInt .last_response.body.limit)]]'
+  - set:
+      target: url.params.limit
+      value: '{{limit}}'
 cursor:
   last_timestamp:
     value: '[[(toInt .first_event.creationDate)]]'

@@ -38,14 +38,14 @@ streams:
         show_user: false
         description: >
           Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+
       - name: condition
         title: Condition
         description: Condition to filter when to collect this input. See [Dynamic Input Configuration](https://www.elastic.co/guide/en/fleet/current/dynamic-input-configuration.html) for details.
         type: text
         multi: false
         required: false
         show_user: false
-
   - input: httpjson
     title: Confluence audit logs via Confluence audit API
     description: Collect Confluence audit logs via Confluence audit API

@@ -1,7 +1,7 @@
 format_version: 2.7.0
 name: atlassian_confluence
 title: Atlassian Confluence
-version: "1.16.1"
+version: "1.16.2"
 description: Collect logs from Atlassian Confluence with Elastic Agent.
 type: integration
 categories: