• HashiCorp Developer

  • HashiCorp Cloud Platform
  • Terraform
  • Packer
  • Consul
  • Vault
  • Boundary
  • Nomad
  • Waypoint
  • Vagrant
Vault
  • Install
  • Tutorials
  • Documentation
  • API
  • Try Cloud(opens in new tab)
  • Sign up
HCP Vault Monitoring

Skip to main content
7 tutorials
  • HCP Vault Metrics Guide
  • Configure HCP Vault Metrics Streaming to Datadog
  • Configure HCP Vault Audit Logs Streaming to Datadog
  • Configure HCP Vault Metrics Streaming to Grafana Cloud
  • Configure HCP Vault Audit Logs Streaming to Grafana Cloud
  • Configure HCP Vault Metrics Streaming to Splunk
  • Configure HCP Vault Audit Logs Streaming to Splunk

  • Resources

  • Tutorial Library
  • Certifications
  • Community Forum
    (opens in new tab)
  • Support
    (opens in new tab)
  • GitHub
    (opens in new tab)
  1. Developer
  2. Vault
  3. Tutorials
  4. HCP Vault Monitoring
  5. Configure HCP Vault Audit Logs Streaming to Splunk

Configure HCP Vault Audit Logs Streaming to Splunk

  • 2min

  • HCPHCP
  • VaultVault

This tutorial covers configuration of HCP Vault audit logs streaming to your existing Splunk environment.

Availability: HCP Vault audit logs streaming is available for all production grade clusters. The feature is not available for Development tier clusters.

Prerequisites

To configure audit logs streaming to Splunk, you will need to have:

  • Have access to a paid Splunk Cloud or Enterprise account.

    Note: Splunk Cloud Trial account would not work with HCP Vault as its HEC (HTTP Event Collector ) listener is hosted using a self signed certificate that HCP won't trust.

  • Your Splunk HEC and token.

    Note: HEC endpoint should be created using events and not metrics index in Splunk.

  • An account with Admin or Contributor role assigned in HCP

  • A production grade HCP Vault cluster

If you don't have a cluster running, refer to the Create a Vault Cluster on HCP tutorial to create an HCP Vault cluster through HCP Portal. Or, refer to the Deploy HCP Vault with Terraform tutorial to provision an HCP Vault cluster using Terraform.

Enable audit logs streaming

  1. From the HCP Vault cluster Overview page, select the Audit Logs view. HCP Vault Portal

  2. Click Enable Streaming.

  3. From the Enable audit logs streaming view, select Splunk as the provider.

  4. Under Splunk configuration, enter your HTTP Event Collector (HEC) Endpoint URL and event collector Token. Select Provider

  5. Click Save.

    NOTE: At this time HCP Vault only supports audit log streaming to one log endpoint at a time.

Refer to the Splunk documentation for instructions on log querying.

Edit the audit log streaming configuration

To edit a audit log streaming integration, perform the following steps.

  1. From the Audit Logs page, click on the Manage drop-down, then Edit configuration.

  2. Edit the configuration, then click Save.

Disable audit log streaming

To disable a audit log streaming integration, from the Audit Logs page, click on the Manage drop-down, then Disable streaming.

 Previous
 Next Collection

On this page

  1. Configure HCP Vault Audit Logs Streaming to Splunk
  2. Prerequisites
  3. Enable audit logs streaming
  4. Edit the audit log streaming configuration
  5. Disable audit log streaming
Give Feedback(opens in new tab)
  • Certifications
  • System Status
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
  • Trade Controls
  • Give Feedback(opens in new tab)