Hi Karl,
The timestamp increment is for updating the poll interval. I am trying to pull logs from SailPoint using the query below. If I don't increment the timestamp by 1ms, I will end up downloading duplicated logs.
{
"query": {
"query": "created:[\bookmark TO now]"
},
Here is an example to visualize the poll interval. Hope this makes sense. I am open to other solutions if there is a better way to do this.
Poll #1: \bookmark TO now
Poll #2: (The Now timestamp from Poll #1 + 1ms) to now
Poll #3: (The Now timestamp from Poll #2 + 1ms) to now
------------------------------
Raymond Tam
------------------------------
Original Message:
Sent: Sat February 01, 2025 06:31 AM
From: Karl Jaeger
Subject: Workflow XML - increment the bookmark timestamp by 1ms
Raymond,
maybe I didnt catch the problem, but increment the bookmark timestamp value in microsecond intervals??? Really! What for?
------------------------------
[Karl] [Jaeger] [#ibmchampion]
[QRadar Specialist]
[cnag]
[Siegen] [Germany]
Original Message:
Sent: Tue January 28, 2025 01:53 PM
From: Raymond Tam
Subject: Workflow XML - increment the bookmark timestamp by 1ms
I am working on a workflow.xml file for the Universal Cloud RestFul API. The bookmark value will return the timestamp in this format: 2025-01-28T16:36:19.121Z. I am trying to increment the timestamp value by 1 ms. what is the best way to accomplish this? I tried the adddate function but they don't exist in QRadar workflow. Below is my Bookmark update section.
Example of timestamp increment:
2025-01-28T16:36:19.121Z (current value)
2025-01-28T16:36:19.122Z (New value)
<!-- Update the Bookmark -->
<If condition="/search/body != null">
<Set path="/bookmark" value="${/search/body[0]/created}" />
</If>
------------------------------
Raymond Tam
------------------------------