Has anyone successfully integrated the 1Password event API with Graylog?
I’ve been a user since the v2 days and I’m implementing a new v6.1 instance. I’ve never used the HTTP JSON API interface before, though.
I’m successfully pulling events from the “signinattempts” API endpoint, but I’m getting duplicates with each request. The 1Password API implements what they call “pagination” using a value in the JSON called “cursor”. However, it appears that the Graylog input is stateless and has no way to keep track of that cursor value.
The 1Password support documents state that Elastic and Splunk both track this value to ensure you are only getting new events. Is there something I’m missing in Graylog that does this or any recommendations for a different method?