Hello,
I'm creating a REST input for my Add-on, the REST call goes like this
https://api.domain.com/get/me/logs?oldest=<date+time in epoch (secs)>
My Events look something like this:
{"events": [ { "date": 1561939200, "id": "1234-6678-09982", "data": "Someone did something to this setting"}, { "date": 1561939100, "id": "1234-6678-09982", "data": "Someone else did something to this other setting"}, {...}]}
So my checkpoint path is events[0].date since the first event in the array is the latest one.
I set the interval for 300 sec (5 min)
But when ever the Script runs again, it repeats the last event and grab the new ones after, in that example I would find { "date": 1561939200, "id": "1234-6678-09982", "data": "Someone did something to this setting"} twice in Splunk.
How can I make it increment so it won't index the last event again?