Summary
Today, Audit Streaming to Splunk sends primarily metadata (action, actor, resource, scope, timestamp). However, the customer needs the change details (payload) that explain what actually changed, similar to what the Harness Audit Trail UI shows in Event Summary / YAML Difference.
Current behavior
  • Splunk receives events with fields like auditAction, auditModule, auditResource, auditEventAuthor, etc.
  • The streamed event does not include the change payload (e.g., YAML diff / fields changed).
  • In the UI, the YAML diff is fetched on-demand via a separate API call and is not embedded in the streamed payload.
Customer impact / Why this matters
  • They use Splunk as the system of record for audit/compliance and want audit events to be self-contained.
  • They updated a template and do not see any details about the change in Splunk (only that an UPDATE happened).
  • They don’t want a workaround that requires Splunk to call Harness APIs for every event (load/operational overhead).
Request
Add an optional capability to include change details in audit streaming payloads, such as:
  • eventSummary (human-readable)
  • diff / yamlDifference / changes (structured or text)
  • or at minimum, a list of changed fields and old/new values (when YAML diff isn’t applicable)
Created by Pedro Mastelaro