4.0.2 - Use report timestamps for Splunk timestamps

CHANGELOG.md

@@ -1,3 +1,8 @@
+4.0.2
+-----
+
+- Use report timestamps for Splunk timestamps
+
 4.0.1
 -----
 

parsedmarc/__init__.py

@@ -44,7 +44,7 @@ import imapclient.exceptions
 import dateparser
 import mailparser
 
-__version__ = "4.0.0"
+__version__ = "4.0.2"
 
 logger = logging.getLogger(__name__)
 logger.setLevel(logging.INFO)

parsedmarc/splunk.py

@@ -4,7 +4,7 @@ import json
 
 import requests
 
-from parsedmarc import __version__
+from parsedmarc import __version__, human_timestamp_to_timestamp
 
 
 class SplunkError(RuntimeError):
@@ -94,6 +94,8 @@ class HECClient(object):
                         "spf"]
 
             data["sourcetype"] = "dmarc:aggregate"
+            timestamp = human_timestamp_to_timestamp(new_report["begin_date"])
+            data["time"] = timestamp
             data["event"] = new_report.copy()
             json_str += "{0}\n".format(json.dumps(data))
         try:
@@ -122,6 +124,9 @@ class HECClient(object):
         for report in forensic_reports:
             data = self._common_data.copy()
             data["sourcetype"] = "dmarc:forensic"
+            timestamp = human_timestamp_to_timestamp(
+                report["arrival_date_utc"])
+            data["time"] = timestamp
             data["event"] = report.copy()
             json_str += "{0}\n".format(json.dumps(data))
         try:

setup.py

@@ -14,7 +14,7 @@ from setuptools import setup
 from codecs import open
 from os import path
 
-__version__ = "4.0.1"
+__version__ = "4.0.2"
 description = "A Python package and CLI for parsing aggregate and " \
               "forensic DMARC reports"