[PM-35265] Migration Guide Draft: Push Based Event Delivery #198
Banrion
left a comment
Replace the TODO with the setup page note and this is good to go!
|
|
||
| Last, it is important to ensure any remaining polling configurations are removed from the application. This prevents the retrieval of duplicate event logs for the Organization, and should be completed as soon as possible. When both poll and push configurations are enabled for an Organization at the same time, the same events will be ingested twice. | ||
|
|
||
| [TODO: clarify on how we would like to build disabling polling configurations. should the admin delete them manually (i.e. button click), or should completing push based delivery delete polling configurations automatically?)] |
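Review bot: The bracketed TODO that closes this hunk leaves the section's central instruction undecided, and the paragraph above it already tells the admin that polling configurations "are removed" without saying where or how. Resolve the TODO before merge by stating whether removal is manual or automatic, and say in which order push is enabled and polling is disabled, since the paragraph covers only the duplicate case ("the same events will be ingested twice") and not what happens to events in the window between the two steps. The TODO also has an unbalanced bracket at "automatically?)]".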
We can remove this todo. The instructions here should cover disabling the polling by going to the Bitwarden Event Logs Splunk app setup page and selecting the appropriate setting (see the Splunk setup page documentation on how we are expecting to add the setting via a checkbox)
It sounds to me like we will be automatically disabling polling if the setup form is completed for pushing. I have updated the section to reflect this. Let me know if this isn't quite what you were envisioning.
@claude Please review
| 1. Update the Bitwarden Splunk application | ||
| 2. Complete set up for event push delivery |
🤔 I think it would be worth it to break down the Complete setup into two sections to cover the Bitwarden Admin console step and the Bitwarden Event logs separately so it's more clear that the steps are completed in different locations. Though, this would require a change to the sections.
| 1. Update the Bitwarden Splunk application | |
| 2. Complete set up for event push delivery | |
| 1. Update the Bitwarden Splunk application | |
| 2. Bitwarden Admin Console: Complete set up for event push delivery | |
| 3. Bitwarden Event Logs Splunk App: Complete setup |
Suggestion of content for 2. Bitwarden Admin Console: Complete set up for event push delivery
- A note on step 2 that while it's possible to complete step 3 first, we recommend completing step 2 due to the potential loss of events mentioned in https://github.com/bitwarden/splunk/pull/198/changes#r3311550440
- A placeholder link to the Bitwarden Help Center to be filled when a guide is created
@Banrion I swapped the order of the last two steps here. Since the setup flow will start in the Splunk application and be finished in the Admin Console, I think that order makes more sense.
|
|
||
| The admin will complete this form, and the Bitwarden platform will begin to push event logs for the Organization into Splunk. | ||
|
|
||
| **Note that completing the setup form for event push delivery (push or poll) will automatically disable any existing polling configuration.** For example, if your existing configuration uses polling to retrieve events, completing the setup form for event push delivery will overwrite the old polling configuration. Having both event polling and push configurations is not allowed, in order to prevent the same events from being received in Splunk multiple times. |
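Review bot: The bold sentence says completing the form will "automatically disable" the polling configuration, while the example sentence says it will "overwrite the old polling configuration"; these are different outcomes and the text should pick one. State whether the old polling settings are deleted or only left inactive, so an admin knows whether anything remains to clean up or to fall back to. The parenthetical "(push or poll)" directly after "event push delivery" also conflicts with the closing sentence that having both configurations is not allowed, so drop it or reword it.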
❓ Ambiguity note. The note reads like checking polling in the setup will disable polling altogether. There won't be a way to complete the setup form for event push delivery AND polling as noted in the example. Specifically the "(push or poll)" is confusing.
I suggest making a new section after Migration Steps to cover this situation:
Important Notes
Event Availability in Splunk
Explanation for when events are pushed or polled, covering when events should appear in Splunk based on the different configurations
Duplicate or Lost Events
Explanation on potential duplicate events, possible lost events if polling is disabled (push driven enabled in the Splunk App first and followed by configuration for push driven events enabled in Admin Console)
Added and filled in recommended sections
| 1. Update the Bitwarden Splunk application | ||
| 2. Complete set up for event push delivery |
Co-authored-by: Leslie Tilton <23057410+Banrion@users.noreply.github.com>
Co-authored-by: Leslie Tilton <23057410+Banrion@users.noreply.github.com>
Banrion
left a comment
✅ Todo comments will be updated with links when available.
|
|
||
| Take note of both the HEC endpoint and authentication token, and proceed to the next step where push delivery is configured in the Bitwarden Admin Console. | ||
|
|
||
| ### Bitwarden Admin Console: Complete set up for event push delivery |
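Review bot: "Take note of both the HEC endpoint and authentication token" asks the admin to copy a credential without saying how to handle it. Add a sentence that the token is a secret and should be entered directly into the Admin Console form in the next step rather than pasted into tickets, chat or shared documents. In the heading on the last line of the hunk, "set up" is used as a noun and should read "setup".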
🤏 Minor note that this "set up" is inconsistent with "setup" used in other parts of the doc.
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-35265
📔 Objective
Adds document outlining the expected process the Splunk admin upgrading the Bitwarden Splunk app will need to follow for moving over to push based event delivery.