Streams - Create
Create new Audit Stream
POST https://auditservice.dev.azure.com/{organization}/_apis/audit/streams?daysToBackfill={daysToBackfill}&api-version=6.0-preview.1URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
organization
|
path | True |
string |
The name of the Azure DevOps organization. |
|
api-version
|
query | True |
string |
Version of the API to use. This should be set to '6.0-preview.1' to use this version of the api. |
|
days
|
query | True |
integer int32 |
The number of days of previously recorded audit data that will be replayed into the stream. A value of zero will result in only new events being streamed. |
Request Body
| Name | Type | Description |
|---|---|---|
| consumerInputs |
object |
Inputs used to communicate with external service. Inputs could be url, a connection string, a token, etc. |
| consumerType |
string |
Type of the consumer, i.e. splunk, azureEventHub, etc. |
| createdTime |
string |
The time when the stream was created |
| displayName |
string |
Used to identify individual streams |
| id |
integer |
Unique stream identifier |
| status |
Status of the stream, Enabled, Disabled |
|
| statusReason |
string |
Reason for the current stream status, i.e. Disabled by the system, Invalid credentials, etc. |
| updatedTime |
string |
The time when the stream was last updated |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
successful operation |
Security
accessToken
Personal access token. Use any value for the user name and the token as the password.
Type:
basic
Examples
Create a stream
Sample Request
POST https://auditservice.dev.azure.com/{organization}/_apis/audit/streams?api-version=6.0-preview.1
{
"consumerInputs": {
"SplunkUrl": "https://input-prd-p-instance.cloud.splunk.com:8088",
"SplunkEventCollectorToken": "E12761A9-3E0D-4DAD-B0AA-5521ECA292E1"
},
"consumerType": "Splunk"
}
Sample Response
{
"id": 1,
"consumerType": "Splunk",
"displayName": "https://input-prd-p-instance.cloud.splunk.com:8088",
"consumerInputs": {
"SplunkUrl": "https://input-prd-p-instance.cloud.splunk.com:8088",
"SplunkEventCollectorToken": "************************"
},
"status": 1,
"statusReason": null,
"updatedTime": "/Date(1565715592526)/"
}Definitions
| Name | Description |
|---|---|
|
Audit |
This class represents an audit stream |
|
Audit |
Status of the stream, Enabled, Disabled |
AuditStream
This class represents an audit stream
| Name | Type | Description |
|---|---|---|
| consumerInputs |
object |
Inputs used to communicate with external service. Inputs could be url, a connection string, a token, etc. |
| consumerType |
string |
Type of the consumer, i.e. splunk, azureEventHub, etc. |
| createdTime |
string |
The time when the stream was created |
| displayName |
string |
Used to identify individual streams |
| id |
integer |
Unique stream identifier |
| status |
Status of the stream, Enabled, Disabled |
|
| statusReason |
string |
Reason for the current stream status, i.e. Disabled by the system, Invalid credentials, etc. |
| updatedTime |
string |
The time when the stream was last updated |
AuditStreamStatus
Status of the stream, Enabled, Disabled
| Name | Type | Description |
|---|---|---|
| backfilling |
string |
The stream is delivering old events |
| deleted |
string |
The stream has been marked for deletion |
| disabledBySystem |
string |
The stream has been disabled by the system |
| disabledByUser |
string |
The stream has been disabled by a user |
| enabled |
string |
The stream is enabled and can deliver events |
| unknown |
string |
The state has not been set, The stream is new |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for