Hello, I am new to Splunk and my first task is to pair "github app for splunk" with "Github Audit log monitoring app", to get the visualization for the logs. Can anyone help me or guide me on what should be done once the Github App for Splunk is installed?
"Github Audit log Monitoring Add on for Splunk" is capturing the logs, but I need some guidance on how Github App for Splunk can be paired with it for visualization.
Thanks in advance,
@indreshdowjones Thanks for the response
I just installed the app that you said in the previous message.
I configured it like the image below, but I didn't get anything in my index. Any solution or idea that will help us?
Hello,
Can you help us with how you add the GitHub audit log?
We installed the app but we did not find the option in data inputs tab to add the logs.
Hi Vinod,
Is this fixed from your end?
Hi @Maaz , the dashboards for the GitHub App for Splunk use a macro to make it easy to use, so once the data is being indexed by the Add-On, you should update the Macro in the App to point to the index the data is being stored in.
My Github index name is "github" and HEC source name is source="http:github_token"
Do I need to add or update the source as well as the index? Which method is correct?
Method 1
Method 2
For the audit related dashboards, the only macro needed to be modified is the `github_source` macro. And for you I'd probably update it to just read as (index="github" source="http:github_token")
@derkkila-splunk Thanks.
It's working now with Method 1.
Thanks, it's resolved now.