What's the use of Gitlab add-on?

All Apps and Add-ons

Specifically, this statement prompted my question: "If you do not specify a specific project ID, you will only get event data associated with the account the token is associated with."

So does the add-on only gets event data either associated with one account, or one project?

Hello,
From what I understand of my usage of it: it gets all events across all projects that you have the right to view with the specified token.
If you specify a project it will only get events you have the right to view on the specified project.

Thank you. I manage Splunk but am only a client side gitlab user, so please bear with me asking more questions.

So from Splunk's perspective, say I would like to collect all events for all projects on a gitlab server, I would need to set up a "super user" in the gitlab installation, which would automatically have rights to access all existing and to-be-created projects?

Regards.

Exactly or an admin account on which you create a token with the API scope.
However this TA doesn't work as well as expected from my testings: there is no pagination handling which is fine for retrieving current /events but you won't be importing all the history of the different sourcetypes provided by the TA.

Get Updates on the Splunk Community!

What's the use of Gitlab add-on?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases