I am using the Fleet integration for httpjson to attempt to pull down API logs.
The request I am mimicking in the config is the curl request below (which works correctly).
curl --location --request POST 'https://api.jumpcloud.com/insights/directory/v1/events' \
--header 'Content-Type: application/json' \
--header 'x-org-id: xxxxxx' \
--header 'x-api-key: xxxxxxxxxxxxxxxx' \
--data-raw '{"service": ["all"], "start_time": "2022-03-01T14:00:00Z"}'
In the Fleet config for the integration, I am setting the request transforms, like so -
- set:
target: header.Content-Type
value: 'application/json'
- set:
target: header.x-org-id
value: 'xxxxxxxx'
- set:
target: header.x-api-key
value: 'xxxxxxxxxxxxxxxx'
- set:
target: body.service
value: ["all"]
- set:
target: body.start_time
value: '2022-03-15T14:00:00Z'
I've tried all variations of the below, which I think may be the issue, including "all", "[all]", all, [all], but to no avail.
- set:
target: body.service
value: all
I continue to get errors like this one.
[elastic_agent.filebeat][error] Error while processing http request: failed to execute http client.Do: server responded with status code 400: {"message":"Unable to parse JSON request body Invalid service: \u0026[34 97 108 108 34] json: cannot unmarshal string into Go value of type []model.ServiceEnum"}
Can anyone assist in what I may be doing wrong, so I can correctly get the integration pulling logs from the API endpoint?