Ship audit log entries retrieved via REST

Confluence's audit log is only available via

What would be a good solution to ship these entries to Elasticsearch?

I had a look at the http_poller input plugin.
While it looks like a good candidate, I'd have to re-read all the audit events every time.
I'd need something like an internal counter so that I could use the query parameter start to limit where the results should begin.

I think I have a possible solution, which is not overcomplicated.

I can use this API to get the records from the last hour, for example.

In the http_poller I call this API every hour.
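
The hourly poll described above, written out as a Logstash pipeline. This is an added example, not a configuration posted in the thread. It fingerprints each audit record into the Elasticsearch document ID, so a record that is read again by an overlapping poll overwrites itself instead of being duplicated. The endpoint URL is a placeholder, and the host names, index name, environment variables, response shape (`results` array) and record field names are assumptions.

```logstash
input {
  http_poller {
    urls => {
      confluence_audit => {
        method => get
        # Placeholder: the audit REST URL is not given in the thread.
        # Request a window longer than the poll interval so a late or
        # failed run leaves no gap; the fingerprint below absorbs the overlap.
        url => "https://confluence.example.com/AUDIT_ENDPOINT_PLACEHOLDER"
        user => "${CONFLUENCE_USER}"
        password => "${CONFLUENCE_PASSWORD}"
        headers => { Accept => "application/json" }
      }
    }
    schedule => { cron => "0 * * * *" }   # once per hour
    codec => "json"
  }
}

filter {
  # Assumed response shape: { "results": [ {record}, ... ] }
  # One event per audit record.
  split { field => "results" }

  # Assumed field: creationDate as epoch milliseconds.
  # Use the record's own time as @timestamp, not the poll time.
  date { match => ["[results][creationDate]", "UNIX_MS"] }

  # Deterministic ID built from assumed record fields. Two distinct records
  # that match on every listed field would collide, so add fields if needed.
  fingerprint {
    source => ["[results][creationDate]", "[results][author][username]", "[results][summary]", "[results][remoteAddress]"]
    concatenate_sources => true
    method => "SHA256"
    target => "[@metadata][audit_id]"
  }
}

output {
  elasticsearch {
    hosts => ["https://elasticsearch.example.com:9200"]
    index => "confluence-audit"
    document_id => "%{[@metadata][audit_id]}"
  }
}
```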
