Add audit log troubleshooting note

[danelson]

Why:

This came out of a support ticket. We host a Splunk HEC endpoint via Splunk HEC receiver in OpenTelemetry. When exposing this endpoint publicly we were not accepting traffic on /services/collector and the audit log configuration validation was failing.

Hopefully a note such as this can help others in the future.

What's being changed (if available, include any code snippets, screenshots, or gifs):

Add a note so that users who configure Splunk HEC audit log export know that /services/collector must be reachable

Check off the following:

• I have reviewed my changes in staging, available via the View deployment link in this PR's timeline.

  • For content changes, you will also see an automatically generated comment with links directly to pages you've modified. The comment won't appear if your PR only edits files in the data directory.

• For content changes, I have completed the self-review checklist.

[welcome]

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[github-actions]

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.

---

Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

Source	Preview	Production	What Changed
admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md	ghec ghes@ 3.11 3.10 3.9 3.8 3.7	ghec ghes@ 3.11 3.10 3.9 3.8 3.7

---

fpt: Free, Pro, Team
ghec: GitHub Enterprise Cloud
ghes: GitHub Enterprise Server
ghae: GitHub AE

[nguyenalex836]

@danelson Thanks so much for opening a PR! I'll get this triaged for review ✨

[lecoursen]

Thanks @danelson! Since this is conceptual information, can you please move it before the procedure, just after this paragraph:

To stream audit logs to Splunk's HTTP Event Collector (HEC) endpoint you must make sure that the endpoint is configured to accept HTTPS connections. For more information, see Set up and use HTTP Event Collector in Splunk Web in the Splunk documentation.

After you do that, I can review the content of the note itself. Thanks!

[lecoursen]

Thanks for making this change! I'm going to apply a small suggestion and then merge. ⚡

[github-actions]

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues ⚡