Hello team,
I have a requirement to create an alert if the latest expiry date for an application name is within 15 days.
Challenges: I have a JSON array where this information is stored, and we need to alert if an application name's expiry is within 15 days. Once the password is changed, it adds a new entry with the updated expiry date and application name. Now when we hit the API again, both the existing expiry and the new expiry logs are ingested into Kibana, and my alerts get triggered for expiry again based on the old logs only.
{
  "@ad.context": "mydata",
  "value": [
    {
      "app_name": "facebook",
      "passwordCredentials": [
        {
          "endDateTime": "2025-01-01T11:07:13.6718884Z"
        },
        {
          "endDateTime": "2024-11-15T11:07:13.6718884Z"
        },
        {
          "endDateTime": "2024-10-28T11:07:13.6718884Z"
        }
      ]
    }
  ]
}
In the above example I have three entries for the password expiry alert, where the 3rd one has already expired, the 2nd one is going to expire in the next 10 days, and the 3rd one, they have renewed the password before expiry and the new date is Jan 2025.
If I hit the API through http_poller, it takes all 3 records and sends an alert saying the password is going to expire on 15th Nov 2024 based on the 2nd expiry date, but it should consider the latest expiry in the alert and ignore the other 2 entries.
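The reduction the post asks for, as an added example that is not part of the original post: collapse each application's `passwordCredentials` to its latest `endDateTime` and evaluate the 15-day threshold against that single value. The function name `latest_expiries`, the output field names and the reference time used when the script runs are assumptions made for illustration; the sample document is constructed from the one in the post.

```ruby
require "json"
require "time"

# Constructed sample mirroring the structure shown in the post.
SAMPLE = <<~DOC
  {
    "@ad.context": "mydata",
    "value": [
      { "app_name": "facebook",
        "passwordCredentials": [
          { "endDateTime": "2025-01-01T11:07:13.6718884Z" },
          { "endDateTime": "2024-11-15T11:07:13.6718884Z" },
          { "endDateTime": "2024-10-28T11:07:13.6718884Z" }
        ] }
    ]
  }
DOC

SECONDS_PER_DAY = 86_400.0

# Hypothetical helper: returns one record per application, built only from
# its latest endDateTime, so superseded credentials never raise an alert.
def latest_expiries(doc, now:, threshold_days: 15)
  doc.fetch("value", []).filter_map do |app|
    ends = (app["passwordCredentials"] || []).filter_map do |cred|
      begin
        Time.iso8601(cred["endDateTime"].to_s)
      rescue ArgumentError
        nil # skip entries with a missing or malformed date
      end
    end
    next if ends.empty? # application without any dated credential

    latest = ends.max
    days_left = ((latest - now) / SECONDS_PER_DAY).floor
    { "app_name"      => app["app_name"],
      "latest_expiry" => latest.utc.iso8601,
      "days_left"     => days_left,
      # A negative days_left means the latest credential has already expired.
      "alert"         => days_left <= threshold_days }
  end
end

if __FILE__ == $PROGRAM_NAME
  now = Time.utc(2024, 11, 5, 11, 7, 13) # constructed reference time
  puts JSON.pretty_generate(latest_expiries(JSON.parse(SAMPLE), now: now))
end
```

Indexing one such record per application, instead of one event per credential entry, gives the alert rule a single `days_left` value to compare against.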