Streams - Create
Create new Audit Stream
POST https://auditservice.dev.azure.com/{organization}/_apis/audit/streams?daysToBackfill={daysToBackfill}&api-version=7.1-preview.1
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
organization
|
path | True |
string |
The name of the Azure DevOps organization. |
api-version
|
query | True |
string |
Version of the API to use. This should be set to '7.1-preview.1' to use this version of the api. |
days
|
query | True |
integer int32 |
The number of days of previously recorded audit data that will be replayed into the stream. A value of zero will result in only new events being streamed. |
Request Body
Name | Type | Description |
---|---|---|
consumerInputs |
object |
Inputs used to communicate with external service. Inputs could be url, a connection string, a token, etc. |
consumerType |
string |
Type of the consumer, i.e. splunk, azureEventHub, etc. |
createdTime |
string |
The time when the stream was created |
displayName |
string |
Used to identify individual streams |
id |
integer |
Unique stream identifier |
status |
Status of the stream, Enabled, Disabled |
|
statusReason |
string |
Reason for the current stream status, i.e. Disabled by the system, Invalid credentials, etc. |
updatedTime |
string |
The time when the stream was last updated |
Responses
Name | Type | Description |
---|---|---|
200 OK |
successful operation |
Security
oauth2
Type:
oauth2
Flow:
accessCode
Authorization URL:
https://app.vssps.visualstudio.com/oauth2/authorize&response_type=Assertion
Token URL:
https://app.vssps.visualstudio.com/oauth2/token?client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
Scopes
Name | Description |
---|---|
vso.auditstreams_manage | Grants the ability to manage auditing streams to users |
Examples
Create a stream
Sample request
POST https://auditservice.dev.azure.com/{organization}/_apis/audit/streams?api-version=7.1-preview.1
{
"consumerInputs": {
"SplunkUrl": "https://input-prd-p-instance.cloud.splunk.com:8088",
"SplunkEventCollectorToken": "E12761A9-3E0D-4DAD-B0AA-5521ECA292E1"
},
"consumerType": "Splunk"
}
Sample response
{
"id": 1,
"consumerType": "Splunk",
"displayName": "https://input-prd-p-instance.cloud.splunk.com:8088",
"consumerInputs": {
"SplunkUrl": "https://input-prd-p-instance.cloud.splunk.com:8088",
"SplunkEventCollectorToken": "************************"
},
"status": 1,
"statusReason": null,
"updatedTime": "/Date(1565715592526)/"
}
Definitions
Name | Description |
---|---|
Audit |
This class represents an audit stream |
Audit |
Status of the stream, Enabled, Disabled |
AuditStream
This class represents an audit stream
Name | Type | Description |
---|---|---|
consumerInputs |
object |
Inputs used to communicate with external service. Inputs could be url, a connection string, a token, etc. |
consumerType |
string |
Type of the consumer, i.e. splunk, azureEventHub, etc. |
createdTime |
string |
The time when the stream was created |
displayName |
string |
Used to identify individual streams |
id |
integer |
Unique stream identifier |
status |
Status of the stream, Enabled, Disabled |
|
statusReason |
string |
Reason for the current stream status, i.e. Disabled by the system, Invalid credentials, etc. |
updatedTime |
string |
The time when the stream was last updated |
AuditStreamStatus
Status of the stream, Enabled, Disabled
Name | Type | Description |
---|---|---|
backfilling |
string |
The stream is delivering old events |
deleted |
string |
The stream has been marked for deletion |
disabledBySystem |
string |
The stream has been disabled by the system |
disabledByUser |
string |
The stream has been disabled by a user |
enabled |
string |
The stream is enabled and can deliver events |
unknown |
string |
The state has not been set, The stream is new |