Monitor HCP Vault Dedicated Audit Logs with SigNoz

SigNoz Cloud - This page applies to SigNoz Cloud editions.
Self-Host - This page applies to self-hosted SigNoz editions.

HCP Vault Dedicated streams audit logs to SigNoz through its Generic HTTP Sink. For SigNoz Cloud, HCP posts to the Vector log intake. Configure the sink from the HCP portal or with Terraform. SigNoz Cloud does not require an agent or collector.

Audit log streaming requires an Essentials or Standard tier cluster. Development tier clusters cannot stream audit logs. HCP Vault Dedicated streams to one log destination at a time, so enabling SigNoz replaces any existing audit log destination.

Prerequisites

  • HCP Vault Dedicated cluster on the Essentials or Standard tier
  • Admin role on your HCP organization
  • An instance of SigNoz (Cloud or Self-Hosted)

Configure audit log streaming

  1. Log in to the HCP portal and open your Vault cluster.

  2. Go to Audit Logs and click Enable log streaming.

  3. Select Generic HTTP Sink as the provider and click Next.

  4. Enter the provider details:

  • URI: https://ingest.<region>.signoz.cloud/logs/vector
  • Method: POST
  • Encoding codec: JSON
  • Headers: add signoz-ingestion-key with <your-ingestion-key> as the value

Leave compression, authentication strategy, and payload prefix/suffix at their defaults.

  1. Click Save.

Verify these values:

HCP can take a few minutes to start streaming after you save.

Validate

  1. Open Logs in SigNoz.
  2. Generate Vault activity: log in, read a secret, or run vault status against the cluster.
  3. Audit log entries appear within a few minutes. Each record carries Vault audit fields such as auth, request.path, and resource attributes like cluster_id, cluster_tier, and hcp_product.
HCP Vault Dedicated audit log opened in the SigNoz Logs Explorer, showing auth, cluster_id, cluster_tier, and hcp_product fields
An HCP Vault Dedicated audit log record in SigNoz

Troubleshooting

No logs arrive in SigNoz

  • Confirm the cluster is on the Essentials or Standard tier. Development tier clusters cannot stream audit logs.
  • Recheck the URI region against your SigNoz region. A wrong region drops data with no error.
  • Confirm the path is /logs/vector and the codec is JSON.
  • Copy the signoz-ingestion-key value fresh from SigNoz settings.
  • For self-hosted SigNoz, confirm HCP can reach your Vector endpoint, and that Vector can reach http://<signoz-host>:4318/v1/logs.
  • HCP can take a few minutes to begin streaming. Generate Vault activity, since an idle cluster produces few audit events.

Streaming to a different destination stopped

HCP Vault Dedicated streams to one log destination at a time. Enabling SigNoz replaces the previous destination. Re-add the previous endpoint if you need it back, but only one can be active.

Limitations

  • Essentials or Standard tier required. Development tier clusters cannot stream audit logs.
  • One destination at a time. Enabling SigNoz replaces any existing audit log destination.
  • Audit logs only. This path covers audit logs. Vault metrics use a separate streaming destination.

Next Steps

Get Help

If you need help with the steps in this topic, please reach out to us on SigNoz Community Slack. If you are a SigNoz Cloud user, please use in product chat support located at the bottom right corner of your SigNoz instance or contact us at cloud-support@signoz.io.

Last updated: July 01, 2026

Edit on GitHub

Was this page helpful?

Your response helps us improve this page.