Azure DevOps

Last updated Nov 22, 2024

Install Guide

Install the Splunk App

Azure DevOps supports integration via the Splunk HTTP Event Collector (HEC). Logpresso Cloud and Logpresso Sonar support this same HEC-based input through the Splunk app. To configure the Azure DevOps audit log collector, you must first install the Splunk app (version 1.3.2411.0 or higher).

Splunk app

https://logpresso.store/ko/apps/splunk

Install the Azure DevOps App

After installing the Azure DevOps app, you will see the Azure DevOps (Splunk HEC) logger model, which uses the Splunk HEC collection type.

Azure DevOps (Splunk HEC) logger model

Configure Logger in Logpresso

Add a new logger by selecting the Azure DevOps logger model as shown below. Generate a random GUID for the token and enter it. This token will be used in later steps.

Azure DevOps logger configuration

  • Logger Model: Azure DevOps (Splunk HEC)
  • Table: AZURE_DEVOPS
  • Token: The randomly generated GUID value

Azure DevOps Auditing Setup

Navigate to Organization Settings and then go to General > Auditing. Click the Streams tab.

Azure DevOps Auditing

Click the New Stream button, and in the right panel, select Splunk as the method.

Azure DevOps - new stream

Enter the Logpresso Cloud web server address in the Splunk URL field and the token in the Splunk Event Collector Token field.

Azure DevOps - set up stream

  • Splunk Url: https://SUBDOMAIN.logpresso.cloud/services/collector/event
  • Splunk Event Collector Token: The token GUID entered during Logpresso logger setup

Replace SUBDOMAIN with your organization's domain. It is recommended to separate the web UI port and HEC port. Contact Logpresso Support via ticket to request port 8088 to be opened.

When setting up the audit stream, Azure DevOps will send a test event with actionId AuditLog.TestStream to verify that the server responds correctly. Once the test succeeds, the stream setup is complete.
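The token and endpoint steps above can be checked before the stream is created in Azure DevOps. The following is an added example, not code from Logpresso or Microsoft: it generates the GUID token, builds the HEC request for the URL given above, and shows a receiver-side token check. The `Authorization: Splunk <token>` header is the standard HEC scheme; the event body shape, the environment variable names `LOGPRESSO_SUBDOMAIN` and `HEC_TOKEN`, and the `token_matches` helper are assumptions made for illustration.

```python
import hmac
import json
import os
import urllib.request
import uuid

HEC_PATH = "/services/collector/event"  # path from the Splunk Url setting above


def new_hec_token() -> str:
    """Random version-4 GUID; uuid4() draws its bits from the OS CSPRNG."""
    return str(uuid.uuid4())


def build_test_request(subdomain: str, token: str) -> urllib.request.Request:
    """Build (but do not send) a HEC POST resembling the stream test event."""
    uuid.UUID(token)  # raises ValueError if the token is not a GUID
    # Constructed body: only the actionId value comes from the guide.
    body = json.dumps({"event": {"actionId": "AuditLog.TestStream"}}).encode()
    return urllib.request.Request(
        f"https://{subdomain}.logpresso.cloud{HEC_PATH}",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Splunk {token}",  # standard HEC auth scheme
            "Content-Type": "application/json",
        },
    )


def token_matches(auth_header: str, expected: str) -> bool:
    """Hypothetical receiver-side check: constant-time token comparison."""
    scheme, _, presented = auth_header.partition(" ")
    return scheme == "Splunk" and hmac.compare_digest(
        presented.strip().lower().encode(), expected.lower().encode())


if __name__ == "__main__":
    # Assumed environment variables; set both to probe your own endpoint.
    sub, tok = os.environ.get("LOGPRESSO_SUBDOMAIN"), os.environ.get("HEC_TOKEN")
    if sub and tok:
        with urllib.request.urlopen(build_test_request(sub, tok), timeout=10) as r:
            print(r.status, r.read().decode())
    else:
        print("Generated token:", new_hec_token())
```

Run without the environment variables to obtain a token for the logger setup; run with both set to confirm the endpoint accepts that token before configuring the stream.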