Install Guide
Install the Splunk App
Azure DevOps supports integration via the Splunk HTTP Event Collector (HEC). Logpresso Cloud and Logpresso Sonar support this same HEC-based input through the Splunk app. To configure the Azure DevOps audit log collector, you must first install the Splunk app (version 1.3.2411.0 or higher).
https://logpresso.store/ko/apps/splunk
Install the Azure DevOps App
After installing the Azure DevOps app, you will see the Azure DevOps (Splunk HEC) logger model, which uses the Splunk HEC collection type.
Configure Logger in Logpresso
Add a new logger by selecting the Azure DevOps logger model as shown below. Generate a random GUID for the token and enter it. This token will be used in later steps.
- Logger Model: Azure DevOps (Splunk HEC)
- Table: AZURE_DEVOPS
- Token: The randomly generated GUID value
Azure DevOps Auditing Setup
Navigate to Organization Settings and then go to General > Auditing. Click the Streams tab.
Click the New Stream button, and in the right panel, select Splunk as the method.
Enter the Logpresso Cloud web server address in the Splunk URL field and the token in the Splunk Event Collector Token field.
- Splunk Url: https://SUBDOMAIN.logpresso.cloud/services/collector/event
- Splunk Event Collector Token: The token GUID entered during Logpresso logger setup
Replace SUBDOMAIN with your organization's domain. It is recommended to separate the web UI port and the HEC port. Contact Logpresso Support via ticket to request that port 8088 be opened.
When setting up the audit stream, Azure DevOps will send a test event with actionId AuditLog.TestStream to verify that the server responds correctly.
Once the test succeeds, the stream setup is complete.
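
A pre-flight check for the token and endpoint configured above, as an added example that is not part of the original guide or Logpresso's own code: it generates the random GUID, rejects GUIDs that are not random (version 4), and builds the kind of HEC request Azure DevOps will send. The `Authorization: Splunk <token>` header is the standard Splunk HEC convention and is assumed here to apply to the Logpresso endpoint; the function names and the minimal event body are constructed for illustration.

```python
import json
import urllib.request
import uuid


def new_hec_token() -> str:
    """Return a random (version 4) GUID; uuid4() draws from the OS CSPRNG."""
    return str(uuid.uuid4())


def is_random_guid(token: str) -> bool:
    """True only for well-formed version 4 GUIDs.

    Version 1 GUIDs embed a timestamp and node ID, so they are guessable
    and unsuitable as the only credential protecting the HEC endpoint.
    """
    try:
        return uuid.UUID(token).version == 4
    except ValueError:
        return False


def build_test_request(subdomain: str, token: str) -> urllib.request.Request:
    """Build (but do not send) a HEC POST carrying a test event."""
    if not is_random_guid(token):
        raise ValueError("token must be a random (version 4) GUID")
    url = f"https://{subdomain}.logpresso.cloud/services/collector/event"
    # Constructed minimal stand-in for the Azure DevOps test event;
    # the real event carries more fields than actionId.
    body = json.dumps({"event": {"actionId": "AuditLog.TestStream"}}).encode()
    headers = {
        "Authorization": f"Splunk {token}",  # assumed: standard HEC auth header
        "Content-Type": "application/json",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def send(req: urllib.request.Request, timeout: float = 10.0) -> int:
    """Send the request and return the HTTP status (needs network access)."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    token = new_hec_token()
    req = build_test_request("SUBDOMAIN", token)  # replace SUBDOMAIN first
    print("Token for the logger and the audit stream:", token)
    print("Would POST to:", req.full_url)
```

Call `send(req)` only after the logger has been saved with the same token; treat the printed token as a secret, since anyone holding it can write events into the AZURE_DEVOPS table.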