Splunk-git hub app data ingestion issue

indreshdowjones · ‎05-12-2022

We have installed following two apps in our splunk environment to get data into our splunk enterprise environment

1) GitHub App for Splunk [https://splunkbase.splunk.com/app/5596/]

2) GitHub Audit Log Monitoring Add-On for Splunk[https://splunkbase.splunk.com/app/5595/]

We have configured both webhook and access token based ingestion setup to get logs into splunk but we are getting following errors and not able to see the data in dashboard

05-11-2022 20:59:00.164 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/github-audit-log-monitoring-add-on-for-splunk/bin/ghe_audit_log_monitoring.py" RuntimeError: Could not fetch audit log data. Please check your configuration, access token scope / correctness and API rate limits. status_code: 404 - url: https://github.dowjones.net/api/graphql/enterprises/enterprise-name/audit-log?phrase=&include=all&af... - Response: {"message":"Not Found","documentation_url":"https://docs.github.com/enterprise/3.3/graphql"}
host = xxxxxxxxs.netlog_level = ERRORsource = /opt/splunk/var/log/splunk/splunkd.logsourcetype = splunkd

5/11/22 8:59:00.164 PM
05-11-2022 20:59:00.164 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/github-audit-log-monitoring-add-on-for-splunk/bin/ghe_audit_log_monitoring.py" response.status_code, response.url, response.text

host = **************

any troubleshooting steps would be helpful

indreshdowjones · ‎05-13-2022

@derkkila-splunk @smcdonald20 @cbehr any help on this error?

Splunk-git hub app data ingestion issue

configuration

installation

troubleshooting

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor