Install Guide
Install the Splunk App
Azure DevOps supports integration via the Splunk HTTP Event Collector (HEC). As a result, Logpresso Cloud and Logpresso Sonar also support the same HTTP reception through the Splunk app. To configure the Azure DevOps audit log collector, you must first install the Splunk app. Visit the following URL to install version 1.3.2411.0 or higher of the Splunk app:
https://logpresso.store/ko/apps/splunk
Install the Azure DevOps App
Install the Azure DevOps app. Once installed correctly, you will see the Azure DevOps (Splunk HEC) logger model, which references the Splunk HEC collection type.
Logpresso Logger Setup
Add a new logger by selecting the Azure DevOps logger model as shown below. Generate a random GUID for the token and enter it. This token will be used in later steps.
- Logger Model: Azure DevOps (Splunk HEC)
- Table: AZURE_DEVOPS
- Token: The randomly generated GUID value
Azure DevOps Auditing Setup
Navigate to Organization Settings and then go to General > Auditing. Click the Streams tab.
Click the New Stream button, and in the right panel, select Splunk as the method.
Enter the Logpresso Cloud web server address in the Splunk URL field and the token in the Splunk Event Collector Token field.
- Splunk Url: https://SUBDOMAIN.logpresso.cloud/services/collector/event
- Splunk Event Collector Token: The token GUID entered during Logpresso logger setup
Replace SUBDOMAIN with your organization's domain. It is recommended to separate the web management console from the Splunk HEC port. To do this, contact Logpresso support and request the opening of port 8088.
The Azure DevOps auditing stream setup is completed once a test event with actionId AuditLog.TestStream has been sent to verify that the web server responds normally.
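A pre-flight check for the token and URL entered in the steps above, as an added example that is not part of the original guide or of any Logpresso or Azure DevOps code. It assumes the receiver accepts Splunk's standard HEC header (Authorization: Splunk <token>); the event body is constructed, with only the actionId taken from the guide, and example-org is a placeholder subdomain.

```python
import json
import uuid
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

HEC_PATH = "/services/collector/event"  # path from the guide's Splunk Url


def new_token() -> str:
    """Random (version 4) GUID for the logger token; uuid4 uses the OS CSPRNG."""
    return str(uuid.uuid4())


def check_stream_config(url: str, token: str) -> list:
    """Return a list of problems; an empty list means the pair looks usable."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("URL is not https, so the token would travel in clear text")
    if (parts.hostname or "").split(".")[0] == "subdomain":
        problems.append("SUBDOMAIN placeholder was not replaced")
    if parts.path != HEC_PATH:
        problems.append("path is not " + HEC_PATH)
    try:
        if uuid.UUID(token).version != 4:
            problems.append("token is a GUID but not a random (version 4) one")
    except ValueError:
        problems.append("token is not a GUID")
    return problems


def build_test_request(url: str, token: str) -> Request:
    """HEC-style POST. Assumption: the receiver takes Splunk's standard header."""
    # Constructed body: only the actionId comes from the guide.
    body = json.dumps({"event": {"actionId": "AuditLog.TestStream"}}).encode()
    headers = {"Authorization": "Splunk " + token, "Content-Type": "application/json"}
    return Request(url, data=body, headers=headers, method="POST")


def send_test(url: str, token: str) -> int:
    """Send the test event (needs network access) and return the HTTP status."""
    with urlopen(build_test_request(url, token), timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    url = "https://example-org.logpresso.cloud" + HEC_PATH  # placeholder subdomain
    token = new_token()
    print(check_stream_config(url, token) or "config looks usable")
    # print(send_test(url, token))  # uncomment against your own tenant
```

The token is the only credential on this endpoint, so treat the generated GUID as a secret and keep it out of tickets and screenshots.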