This repository has been archived by the owner on Sep 24, 2019. It is now read-only.

The input module for extended details not using the checkpoint value #16

Open
hettervik opened this issue Feb 20, 2019 · 2 comments

@hettervik

hettervik commented Feb 20, 2019

Hi. I've had some problems with duplicate events from the extended details inputs, from the script input_module_puppet_enterprise_extended_details.py. After doing some tests we've concluded that the checkpoint value is never being used in the script. That is, the following if statement is always true.

    if ckpt_value == None:
        old = now - datetime.timedelta(minutes=5)
        #format the time
        # This is a timestamp in UTC-based ISO-8601 format (YYYY-MM-DDThh:mm:ssZ) 
        start_time = old.strftime("%Y-%m-%dT%H:%M:%SZ") 
    #if it does exist then checkpoint value is start time
    else:
        start_time=ckpt_value

Does anyone have any idea why this might be the case?

The tests we did were based on setting the old = now - datetime.timedelta(minutes=5) to higher values. If the ckpt_value had been set, it wouldn't matter how big the timedelta was, as it's only used in the initial startup of the TA. However, when we set the timedelta to e.g. 10 minutes, any extended details event is indexed 10 times, indicating that the lookback with the timedelta is used for every run.
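
An added illustration of the behaviour reported above (not code from the add-on and not part of the original comment): a small simulation in which a dict stands in for the TA's checkpoint storage and a one-minute polling interval is assumed. It shows that when the checkpoint is never written, the lookback window is applied on every run and each event is indexed once per interval in the window, while a saved checkpoint yields each event exactly once.

```python
import datetime

FMT = "%Y-%m-%dT%H:%M:%SZ"  # same UTC ISO-8601 format as the snippet above


def run_once(store, now, events, save_checkpoint=True, lookback_minutes=5):
    """One polling run; returns the events that would be indexed.

    store  -- dict standing in for the TA's checkpoint storage (assumption)
    events -- constructed (timestamp, id) tuples standing in for the API
    """
    ckpt_value = store.get("start_time")
    if ckpt_value is None:
        # Intended for the first run only: look back a fixed window.
        start = now - datetime.timedelta(minutes=lookback_minutes)
    else:
        # Later runs resume from where the previous run stopped.
        start = datetime.datetime.strptime(ckpt_value, FMT)
    batch = [e for e in events if start <= e[0] < now]
    if save_checkpoint:
        # Without this write, ckpt_value is None on every run.
        store["start_time"] = now.strftime(FMT)
    return batch


def simulate(save_checkpoint, lookback_minutes, runs=12):
    """Poll once a minute (assumed interval); count indexings per event id."""
    t0 = datetime.datetime(2019, 2, 20, 12, 0, 0)
    # Constructed sample data: one event per minute, 30 seconds past.
    events = [(t0 + datetime.timedelta(minutes=i, seconds=30), i)
              for i in range(runs)]
    store, counts = {}, {}
    for i in range(1, runs + 1):
        now = t0 + datetime.timedelta(minutes=i)
        for _, event_id in run_once(store, now, events,
                                    save_checkpoint, lookback_minutes):
            counts[event_id] = counts.get(event_id, 0) + 1
    return counts


if __name__ == "__main__":
    print("checkpoint saved:   ", simulate(True, 10))
    print("checkpoint not saved:", simulate(False, 10))
```
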

@mrzarquon
Contributor

Thanks for the report - we're reviewing the code and will be looking at an update soon.

@hettervik
Author

Hi. Great! I have another issue as well. Hope it's okay that I just post it here in the same thread. I have two separate instances. On one of them, the token is stored as simply *****. I know this because if I edit the extended details input script to log the HTTP header to Splunk, I can see the token as it is used in the header. For the other instance this is not the case. Here the token is logged to Splunk not as *****, but correctly as abcdefgthisisatoken. I haven't figured out why this is the case as of yet.
