# OKTA System Log API

This data pipeline extracts System Log events from Okta using the Log API.

<figure><img src="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2F8OSgqKGrrId7c83NLwyF%2F2025-05-16_15-42-59.png?alt=media&#x26;token=456b9029-8cb8-4346-9de4-2fb39dec879b" alt=""><figcaption></figcaption></figure>

This pipeline pulls API logs from the OKTA platform using the [**HTTP Pull**](https://docs.onum.com/marketplace/falcon-onum-marketplace/pulling-pipelines/broken-reference) Listener and transforms them from JSON to CSV format.

## Listen

The Listener pulls events through the **Configure as YAML** option, with the following YAML:

<pre><code>withTemporalWindow: true
temporalWindow:
  duration: 1m
  offset: 1m
  tz: UTC
  format: "2006-01-02T15:04:05"
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
  paginationType: "webLinking"
  limit: 1000
  request:
    responseType: json
    method: "GET"
    url: "****************"
    headers:
      - name: Accept
        value: "application/json"
      - name: Content-Type
        value: "application/json"
      - name: Authorization
        value: "**********"
    queryParams:
      - name: since
        value: "${temporalWindow.from}"
      - name: until
        value: "${temporalWindow.to}"
  output:
    select: "."
    map: "."
    outputMode: "element"
</code></pre>

{% hint style="info" %}
See the article dedicated to setting up OKTA system log APIs [here](https://docs.onum.com/marketplace/falcon-onum-marketplace/pulling-pipelines/okta-system-log-api).
{% endhint %}

## Transform OKTA data

### Flat JSON

We need to flatten the incoming JSON into key-value pairs that we can then parse into more specific fields.

<figure><img src="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2FnYrWS58IltXK0nMhJwQH%2Fdark-large%20(23).png?alt=media&#x26;token=6e5891b1-f685-4ae8-85c6-d090b87c54fe" alt=""><figcaption></figcaption></figure>

### Parser

The parser extracts the individual fields coming from the OKTA JSON into more detailed fields, including severity, actor information, user agent data and other transaction data.

<figure><img src="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2FidgVl5WT7keA4G9ZBm7o%2Fdark-large%20(24).png?alt=media&#x26;token=2462fa05-e3f4-40f7-b086-91fc1923a478" alt=""><figcaption></figcaption></figure>

### Message Builder

We use the [**Message Builder**](https://docs.onum.com/the-workspace/pipelines/actions/formatting/message-builder) action to transform the fields to CSV format, using a comma as the delimiter.

You can now send your CSV containing OKTA logs to your preferred destination using a sink.
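The flatten, parse and Message Builder steps above can be reproduced offline to check the column layout before wiring a sink. The Python below is an added example, not Onum's implementation or code from this page: the sample event is constructed, and `COLUMNS`, `flatten`, `cells`, `to_csv_row` and `naive_row` are hypothetical names. It shows why quoting matters with a comma delimiter, since browser user-agent strings routinely contain commas.

```python
import csv
import io

# Constructed sample event; field names follow Okta's System Log event schema.
SAMPLE_EVENT = {
    "published": "2025-05-16T15:42:59.000Z",
    "eventType": "user.session.start", "severity": "WARN",
    "actor": {"type": "User", "alternateId": "alice@example.com"},
    "client": {"ipAddress": "203.0.113.10",
               "userAgent": {"rawUserAgent": "Mozilla/5.0 (X11; Linux x86_64) "
                             "AppleWebKit/537.36 (KHTML, like Gecko)",
                             "os": "Linux", "browser": "CHROME"}},
    "outcome": {"result": "FAILURE", "reason": "INVALID_CREDENTIALS"},
    "transaction": {"type": "WEB", "id": "txn-example"},
    "target": [{"id": "0oa-example", "type": "AppInstance"}],
}

# Hypothetical column selection (an assumption, not the pipeline's actual parser output).
COLUMNS = ["published", "severity", "eventType", "actor.alternateId",
           "client.ipAddress", "client.userAgent.rawUserAgent",
           "outcome.result", "transaction.id", "target.0.type"]

def flatten(value, prefix=""):
    """Flatten nested dicts and lists into {dotted.path: scalar} pairs."""
    if isinstance(value, dict):
        items = value.items()
    elif isinstance(value, list):
        items = enumerate(value)
    else:
        return {prefix: value}
    flat = {}
    for key, child in items:
        flat.update(flatten(child, f"{prefix}.{key}" if prefix else str(key)))
    return flat

def cells(event, columns=COLUMNS):
    """Pick the selected columns; missing or null fields become empty cells."""
    flat = flatten(event)
    return ["" if flat.get(c) is None else str(flat[c]) for c in columns]

def to_csv_row(event, columns=COLUMNS):
    """Comma-delimited row with RFC 4180 quoting for commas, quotes and newlines."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="").writerow(cells(event, columns))
    return buf.getvalue()

def naive_row(event, columns=COLUMNS):
    """Plain join, for comparison: an embedded comma silently adds a column."""
    return ",".join(cells(event, columns))
```

Calling `to_csv_row(SAMPLE_EVENT)` yields nine cells with the user agent quoted, while `naive_row(SAMPLE_EVENT)` splits into ten, shifting `outcome.result` and every later column for any downstream parser.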
