Splunk Search

Where to find some already created Splunk use cases for github webhook logs?

icehack
Observer

Does anyone know where I can find some already created Splunk use cases for github webhook logs?

I am having a really hard time googling for a dump of github based splunk searches because of the keyword github.

I am trying to look for commits in github with no approvals. I have identified the search for all commits and the search for finding approvals for those commits but I am unsure how to stitch them together in a single query to produce actionable results.

The commit log and the approval log are separate logs but both have a unique identifier for the commit.

More info:

Here is the query for the approval and the corresponding log. These logs are heavily redacted and I am only including what is relevant. Logs come in through HEC so they are JSON.

index=github action=submitted review.state=approved pull_request.head.sha!=""

{
	action: submitted
	pull_request: {
		head: {
			sha: <commit-id>
		}
	}
	review: {
		state: approved
	}
}

Here is the log of the merge, it has no action so I'm using this query:

index=github after!="" 

{
	after: <commit-id>
	before: <previous-commit-id>
	enterprise: {}
	head_commit: {}
	organization: {}
	pusher: {}
	repository: {}
	sender: {}
}

I've been trying to create a table that includes both of these logs with no luck.

index=github after!="" 
[search index=github action=submitted review.state=approved pull_request.head.sha!="" 
|table pull_request.head.sha review.state 
| rename pull_request.head.sha as commit-id]
|table after 
|rename after as commit-id

So I am essentially looking for commit logs with no approval and trying to link the tables together with after/pull_request.head.sha as both of these values are unique commit IDs.

Ideally I would want to alert on each occurrence of an unapproved merge.
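The correlation the post describes (approval events keyed by `pull_request.head.sha`, push events keyed by `after`, and an alert on every push whose commit id never received an approval) is shown below as an added example in Python, not as code from the original post or from Splunk. It reads a handful of constructed HEC-style JSON events that mirror the redacted shapes above, builds the set of approved commit ids, and returns the pushes with no matching approval. Ref deletions (GitHub sends an all-zero `after` for those) are skipped, and a review whose `state` is only `commented` is correctly not treated as an approval. The SHAs, repository names and pusher names are made up.

```python
"""Flag GitHub pushes with no recorded review approval.

Added example: correlates two GitHub webhook event types the way the
post's two searches do, but in plain Python over sample events.
"""
import json

# Constructed sample events (not real webhook deliveries). Field layout
# follows the redacted examples in the post; values are invented.
SAMPLE_EVENTS = [
    # Review event: an approval for the PR whose head commit is aaa111.
    json.dumps({"action": "submitted",
                "pull_request": {"head": {"sha": "aaa111"}},
                "review": {"state": "approved"}}),
    # Review event that only commented on bbb222: NOT an approval.
    json.dumps({"action": "submitted",
                "pull_request": {"head": {"sha": "bbb222"}},
                "review": {"state": "commented"}}),
    # Push events: `after` is the new tip of the ref.
    json.dumps({"after": "aaa111", "before": "000001",
                "repository": {"full_name": "org/repo-a"},
                "pusher": {"name": "alice"}}),
    json.dumps({"after": "bbb222", "before": "aaa111",
                "repository": {"full_name": "org/repo-a"},
                "pusher": {"name": "bob"}}),
    json.dumps({"after": "ccc333", "before": "000002",
                "repository": {"full_name": "org/repo-b"},
                "pusher": {"name": "carol"}}),
    # Branch deletion: GitHub sets `after` to all zeros; must be ignored.
    json.dumps({"after": "0" * 40, "before": "ccc333", "deleted": True,
                "repository": {"full_name": "org/repo-b"},
                "pusher": {"name": "carol"}}),
]


def get_path(obj, path):
    """Walk a dotted path such as 'pull_request.head.sha'; None if absent."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def approved_shas(events):
    """Commit ids that received an 'approved' review (the post's first search)."""
    shas = set()
    for ev in events:
        if ev.get("action") == "submitted" and get_path(ev, "review.state") == "approved":
            sha = get_path(ev, "pull_request.head.sha")
            if sha:
                shas.add(sha)
    return shas


def unapproved_merges(raw_lines):
    """Push events (the post's second search) whose `after` commit id has no approval.

    Returns one finding per offending push, suitable for driving an alert.
    """
    events = [json.loads(line) for line in raw_lines]
    approved = approved_shas(events)
    findings = []
    for ev in events:
        sha = ev.get("after")
        if not sha or set(sha) == {"0"}:
            continue  # not a push event, or a ref deletion
        if sha not in approved:
            findings.append({
                "commit_id": sha,
                "repository": get_path(ev, "repository.full_name"),
                "pusher": get_path(ev, "pusher.name"),
            })
    return findings


if __name__ == "__main__":
    # Expected: bbb222 (review was only a comment) and ccc333 (no review at all).
    print(json.dumps(unapproved_merges(SAMPLE_EVENTS), indent=2))
```

In SPL the same idea is usually expressed without a subsearch: search both event shapes in one query, `eval` a common key from whichever field is present (`after` on pushes, `pull_request.head.sha` on reviews), then `stats` by that key and keep the keys that have a push but no approval. One caveat worth checking before alerting on this: the `after` of a push is the new tip of the branch, which for a merge performed through GitHub is the merge, squash or rebase commit rather than the pull request's head commit, so the two keys may never coincide; if the `pull_request` webhook is also ingested, its `merge_commit_sha` field is the more reliable bridge between an approval and the commit that actually landed.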
