topic Re: Github Audit log monitoring pair github app for splunk in All Apps and Add-ons

How to pair Github app for Splunk with Github Audit log monitoring app?

Maaz — Sun, 15 May 2022 19:31:30 GMT

Hello, I am new to the Splunk and my first task is to pair "github app for splunk" with "Github Audit log monitoring app", to get the visualization for the logs. Can anyone help me or guid me what should be done once the Github App for Splunk is installed?

"Github Audit log Monitoring Add on for Splunk" is capturing the logs but need some guidance on how Github App for Splunk can be paired with it for visualization.

Thanks in advance,

Re: Github Audit log monitoring pair github app for splunk

derkkila-splunk — Mon, 14 Feb 2022 14:11:12 GMT

Hi @Maaz , the dashboards for the GitHub App for Splunk use a macro to make it easy to use, so once the data is being indexed by the Add-On, you should update the Macro in the App to point to the index the data is being stored in.

Re: Github Audit log monitoring pair github app for splunk

indreshdowjones — Fri, 13 May 2022 19:17:31 GMT

@derkkila-splunk @Maaz

My Github index name is "github" and HEC source name is source="http:github_token

Do i need to add or update source as well with Index? which method is correct ?

Method 1

github_source
(index="github" source="ghe_audit_log_monitoring://*") OR (index=ghes source=github_audit)
github_webhooks
- index=github

Method 2

github_source
(index="github" source="ghe_audit_log_monitoring://*") OR (index=ghes source=github_audit) OR
OR (index="github" source=source="http:github_token")
github_webhooks
- index=github source=source="http:github_token")

Re: Github Audit log monitoring pair github app for splunk

indreshdowjones — Sun, 15 May 2022 13:02:56 GMT

Its working now with Method -1.

Thanks its resolved now

Re: Github Audit log monitoring pair github app for splunk

derkkila-splunk — Mon, 16 May 2022 14:45:03 GMT

@indreshdowjones

For the audit related dashboards, the only macro needed to be modified is the `github_source` macro. And for you I'd probably update it to just read as (index="github" source="http:github_token")

Re: Github Audit log monitoring pair github app for splunk

indreshdowjones — Mon, 16 May 2022 14:47:32 GMT

@derkkila-splunk Thanks.

Re: How to pair Github app for Splunk with Github Audit log monitoring app?

vinod743374 — Fri, 05 Aug 2022 06:58:18 GMT

Hello,
can you help us with, how you add the git hub audit log,

We installed the app but we did not find the option in data inputs tab to add the logs.

Re: How to pair Github app for Splunk with Github Audit log monitoring app?

indreshdowjones — Fri, 05 Aug 2022 11:30:51 GMT

@vinod743374

Have you installed the following App?

https://splunkbase.splunk.com/app/5595/#/details

Re: How to pair Github app for Splunk with Github Audit log monitoring app?

vinod743374 — Fri, 05 Aug 2022 13:35:28 GMT

@indreshdowjones Thanks for the response

I just installed the app that u said in the previous message.
I Configured like below image but I didn't get anything in my index, any solution or idea that will help us.

Re: How to pair Github app for Splunk with Github Audit log monitoring app?

Murali — Fri, 25 Nov 2022 09:51:10 GMT

Hi Vinod ,

Is this fixed from your end?