From 9e4ffdd54c218f9ccf8557c03ac7484b52d3f256 Mon Sep 17 00:00:00 2001
From: Sean Whalen <seanthegeek@users.noreply.github.com>
Date: Sat, 29 Nov 2025 21:32:33 -0500
Subject: [PATCH] Add interval_begin, interval_end, and normalized_timespan  to
 the Splunk report

---
 parsedmarc/splunk.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/parsedmarc/splunk.py b/parsedmarc/splunk.py
index 16fcfc6..7edf1b5 100644
--- a/parsedmarc/splunk.py
+++ b/parsedmarc/splunk.py
@@ -78,7 +78,9 @@ class HECClient(object):
                 new_report = dict()
                 for metadata in report["report_metadata"]:
                     new_report[metadata] = report["report_metadata"][metadata]
-                new_report["interval_begin"] = report ["interval_begin"]
+                new_report["interval_begin"] = record["interval_begin"]
+                new_report["interval_end"] =  record["interval_end"]
+                new_report["normalized_timespan"] = record["normalized_timespan"] 
                 new_report["published_policy"] = report["policy_published"]
                 new_report["source_ip_address"] = record["source"]["ip_address"]
                 new_report["source_country"] = record["source"]["country"]