feat(okta): add rate_limit_early_limit configuration (#15835)

andrewkroh · web-flow · commit d64faaacf42b · 2025-11-06T12:13:03.000-05:00
Add support for the rate_limit_early_limit parameter to enable starting
rate-limiting before reaching the API response limit.  Values less than
1 are treated as a percentage of the limit, while values greater than or
equal to 1 are treated as the target remaining value.

This can avoid causing alerts to Okta admins under bursts of system log
activity by having the integration stop making requests as it gets close
to the limit.
diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.11.0"
+  changes:
+    - description: Added support for rate_limit_early_limit configuration to start rate-limiting before reaching the API response limit.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15835
 - version: "3.10.3"
   changes:
     - description: Optimize API pagination to prevent unnecessary requests when fewer logs than the limit are returned, reducing rate limit token consumption.
diff --git a/packages/okta/data_stream/system/agent/stream/httpjson.yml.hbs b/packages/okta/data_stream/system/agent/stream/httpjson.yml.hbs
@@ -13,6 +13,9 @@ request.rate_limit:
   limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]'
   remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]'
   reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]'
+{{#if rate_limit_early_limit}}
+  early_limit: {{rate_limit_early_limit}}
+{{/if}}
 
 {{#if ssl}}
 request.ssl: {{ssl}}
diff --git a/packages/okta/data_stream/system/manifest.yml b/packages/okta/data_stream/system/manifest.yml
@@ -54,6 +54,13 @@ streams:
           # This works around system tests not allowing an assert.hit_count > 500.
           - default
           - agentless
+      - name: rate_limit_early_limit
+        title: Rate Limit Early Limit
+        description: Start rate-limiting before reaching the limit specified in the response. Values less than 1 are treated as a percentage of the limit (e.g. 0.9 means 90%). Values greater than or equal to 1 are treated as the target remaining value.
+        type: text
+        required: false
+        show_user: false
+        secret: false
 
     template_path: httpjson.yml.hbs
     title: Okta system logs
diff --git a/packages/okta/manifest.yml b/packages/okta/manifest.yml
@@ -1,6 +1,6 @@
 name: okta
 title: Okta
-version: "3.10.3"
+version: "3.11.0"
 description: Collect and parse event logs from Okta API with Elastic Agent.
 type: integration
 format_version: "3.2.3"
@@ -149,11 +149,7 @@ policy_templates:
             required: false
             show_user: false
             description: >-
-              The request tracer logs requests and responses to the agent's local file-system for debugging configurations.
-              Enabling this request tracing compromises security and should only be used for debugging. Disabling the request
-              tracer will delete any stored traces.
-              See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename)
-              for details.
+              The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. Disabling the request tracer will delete any stored traces. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.
           - name: ssl
             type: yaml
             title: SSL
