From ec5e8a4ca1d0b5c0005a9d784e33bdc49a6c62ed Mon Sep 17 00:00:00 2001
From: Sean Whalen
Date: Wed, 26 Sep 2018 16:03:20 -0400
Subject: [PATCH] 4.0.2 - Use report timestamps for Splunk timestamps
---
 CHANGELOG.md | 5 +++++
 parsedmarc/__init__.py | 2 +-
 parsedmarc/splunk.py | 7 ++++++-
 setup.py | 2 +-
 4 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 65a628f..5b1ace8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+4.0.2
+-----
+
+- Use report timestamps for Splunk timestamps
+
 4.0.1
 -----
diff --git a/parsedmarc/__init__.py b/parsedmarc/__init__.py
index 0e92ca8..70d7692 100644
--- a/parsedmarc/__init__.py
+++ b/parsedmarc/__init__.py
@@ -44,7 +44,7 @@ import imapclient.exceptions import dateparser import mailparser
-__version__ = "4.0.0"
+__version__ = "4.0.2"
 logger = logging.getLogger(__name__)
 logger.setLevel(logging.INFO)
diff --git a/parsedmarc/splunk.py b/parsedmarc/splunk.py
index 008a2b2..96189b9 100644
--- a/parsedmarc/splunk.py
+++ b/parsedmarc/splunk.py
@@ -4,7 +4,7 @@ import json import requests
-from parsedmarc import __version__
+from parsedmarc import __version__, human_timestamp_to_timestamp
 class SplunkError(RuntimeError):
@@ -94,6 +94,8 @@ class HECClient(object):
 "spf"]
 data["sourcetype"] = "dmarc:aggregate"
+ timestamp = human_timestamp_to_timestamp(new_report["begin_date"])
+ data["time"] = timestamp
 data["event"] = new_report.copy()
 json_str += "{0}\n".format(json.dumps(data))
 try:
@@ -122,6 +124,9 @@ class HECClient(object):
 for report in forensic_reports:
 data = self._common_data.copy()
 data["sourcetype"] = "dmarc:forensic"
+ timestamp = human_timestamp_to_timestamp(
+ report["arrival_date_utc"])
+ data["time"] = timestamp
 data["event"] = report.copy()
 json_str += "{0}\n".format(json.dumps(data))
 try:
diff --git a/setup.py b/setup.py
index eb9fe52..fa38571 100644
--- a/setup.py
+++ b/setup.py
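Review bot: The `human_timestamp_to_timestamp(new_report["begin_date"])` call in the aggregate loop runs on a value taken from the report itself and sits before the `try:` that closes the hunk, so a report whose `begin_date` is missing or does not parse would presumably raise here and abort the whole batch rather than one event; the forensic hunk at -122 has the same shape with `report["arrival_date_utc"]`. Because the reporting party supplies these dates, the Splunk `time` of each event is now sender-controlled, and a far-past or far-future value can place the event outside the search windows or retention that alerting relies on. Consider handling a conversion failure per report and leaving `time` unset in that case so HEC falls back to its own timestamp, and record the trust assumption next to the assignment, e.g. `# time comes from the report, not from ingestion; compare with _indextime when triaging`. The loop body starts and ends outside the hunk.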
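Review bot: `report["arrival_date_utc"]` is named as UTC, but nothing visible in this hunk shows that `human_timestamp_to_timestamp` interprets its argument as UTC. If the helper parses a naive string in the host's local zone, forensic events would be shifted by the collector's UTC offset on any host not running in UTC, which skews timeline correlation with other log sources. The aggregate hunk above passes `begin_date`, whose zone is not indicated either, so the two sourcetypes may not share a reference. Confirm the helper's zone handling and state it at the call, e.g. `# arrival_date_utc is UTC; the helper must not apply local time`.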
@@ -14,7 +14,7 @@ from setuptools import setup from codecs import open from os import path
-__version__ = "4.0.1"
+__version__ = "4.0.2"
 description = "A Python package and CLI for parsing aggregate and " \
 "forensic DMARC reports"