Specifically, this statement prompted my question: "If you do not specify a specific project ID, you will only get event data associated with the account the token is associated with."
So does the add-on only gets event data either associated with one account, or one project?
Hello,
From what I understand of my usage of it: it gets all events across all projects that you have the right to view with the specified token.
If you specify a project it will only get events you have the right to view on the specified project.
Thank you. I manage Splunk but am only a client side gitlab user, so please bear with me asking more questions.
So from Splunk's perspective, say I would like to collect all events for all projects on a gitlab server, I would need to set up a "super user" in the gitlab installation, which would automatically have rights to access all existing and to-be-created projects?
Regards.
Exactly or an admin account on which you create a token with the API scope.
However this TA doesn't work as well as expected from my testings: there is no pagination handling which is fine for retrieving current /events but you won't be importing all the history of the different sourcetypes provided by the TA.