
How to pair Github app for Splunk with Github Audit log monitoring app?

Maaz
Engager

Hello, I am new to Splunk and my first task is to pair the "GitHub App for Splunk" with the "GitHub Audit Log Monitoring App" to get visualization for the logs. Can anyone help me or guide me on what should be done once the GitHub App for Splunk is installed?

The "GitHub Audit Log Monitoring Add-on for Splunk" is capturing the logs, but I need some guidance on how the GitHub App for Splunk can be paired with it for visualization.

Thanks in advance, 


indreshdowjones
Explorer

@vinod743374 

Have you installed the following App?

https://splunkbase.splunk.com/app/5595/#/details


vinod743374
Communicator

@indreshdowjones Thanks for the response.

I just installed the app that you mentioned in the previous message.
I configured it as in the image below, but I didn't get anything in my index. Any solution or idea that will help us?

vinod743374
Communicator

Hello,
Can you help us with how you added the GitHub audit log?

We installed the app, but we did not find the option in the Data Inputs tab to add the logs.

Murali
Explorer

Hi Vinod,

Is this fixed from your end?


derkkila-splunk
Splunk Employee

Hi @Maaz, the dashboards for the GitHub App for Splunk use a macro to make them easy to use, so once the data is being indexed by the Add-on, you should update the macro in the App to point to the index the data is being stored in.

indreshdowjones
Explorer

@derkkila-splunk @Maaz 

My GitHub index name is "github" and the HEC source name is source="http:github_token

Do I need to add or update the source as well as the index? Which method is correct?

Method 1

  • github_source
    (index="github" source="ghe_audit_log_monitoring://*") OR (index=ghes source=github_audit)
  • github_webhooks
    • index=github 

Method 2

  • github_source
    (index="github" source="ghe_audit_log_monitoring://*") OR (index=ghes source=github_audit) OR
  • OR (index="github" source=source="http:github_token")
  • github_webhooks
    • index=github source=source="http:github_token")

derkkila-splunk
Splunk Employee

@indreshdowjones 

For the audit-related dashboards, the only macro that needs to be modified is the `github_source` macro. For you, I'd probably update it to just read as (index="github" source="http:github_token")
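The Method 2 draft above contains the kinds of slips that silently break a macro-driven dashboard (a dangling `OR`, a `source=source=` typo, an unbalanced parenthesis), and the recommended `github_source` definition does not. This added example, which is not part of the GitHub App for Splunk or this thread, lints macro definitions in a constructed macros.conf fragment for exactly those mistakes before they are deployed.

```python
"""Lint Splunk macro definitions (macros.conf style) for the slips seen in
the Method 2 draft. Added example; the sample conf text is constructed."""
import configparser
import re

# Constructed sample: the first two stanzas mirror the working Method 1,
# the *_draft stanzas reproduce the errors of the Method 2 draft.
SAMPLE_MACROS_CONF = """
[github_source]
definition = (index="github" source="ghe_audit_log_monitoring://*") OR (index=ghes source=github_audit)

[github_webhooks]
definition = index=github

[github_source_draft]
definition = (index="github" source="ghe_audit_log_monitoring://*") OR (index=ghes source=github_audit) OR OR (index="github" source=source="http:github_token")

[github_webhooks_draft]
definition = index=github source=source="http:github_token")
"""

def lint_definition(definition: str) -> list:
    """Return the problems found in one macro definition (empty list = OK)."""
    problems = []
    depth = 0  # parenthesis nesting; going negative means a stray ')'
    for ch in definition:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append("unmatched ')'")
                break
    if depth > 0:
        problems.append("unmatched '('")
    # field=field=value (e.g. source=source="...") is a copy/paste typo
    if re.search(r"\b(\w+)=\1=", definition):
        problems.append("duplicated field assignment (e.g. source=source=)")
    tokens = definition.split()
    if tokens and (tokens[0].upper() == "OR" or tokens[-1].upper() == "OR"):
        problems.append("OR with a missing operand")
    if re.search(r"\bOR\s+OR\b", definition, re.IGNORECASE):
        problems.append("doubled OR")
    return problems

def lint_macros(conf_text: str) -> dict:
    """Map each macro stanza name to the problems in its definition."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return {name: lint_definition(parser[name].get("definition", ""))
            for name in parser.sections()}

if __name__ == "__main__":
    for macro, issues in lint_macros(SAMPLE_MACROS_CONF).items():
        print(f"{macro}: {'OK' if not issues else '; '.join(issues)}")
```

Run it against your own macros.conf text (the `local` copy of the app's macros) before restarting Splunk; a clean result means the dashboards will at least parse the macro, though it says nothing about whether the index and source actually hold data.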

indreshdowjones
Explorer

@derkkila-splunk Thanks.


indreshdowjones
Explorer

It's working now with Method 1.

Thanks, it's resolved now.
