Comments (11)
derkkila-splunk
commented on August 21, 2024
2
You can see the required macro changes in the documentation: https://github.com/splunk/github_app_for_splunk#readme
If that doesn't help please comment here!
from github_app_for_splunk.
shakerg
commented on August 21, 2024
1
*There's a bug in GHES 3.6.0 that affects these webhooks, users should upgrade to 3.6.1+ and then Spunk integration will work as expected.
from github_app_for_splunk.
israelbgf
commented on August 21, 2024
Same problem here, do we need to do some manual changes on the queries?
from github_app_for_splunk.
derkkila-splunk
commented on August 21, 2024
No, no changes to queries, but did you update the macro to include your indexes?
from github_app_for_splunk.
Jasmine-8i8
commented on August 21, 2024
Hi Doug, I definitely looked in the documentation but it is not specific about which macros to change or how to change them. For example if I see all my github data coming in under the index 'github' how would I then change these macros?
from github_app_for_splunk.
israelbgf
commented on August 21, 2024
Indeed, noob mistake. You have to search your macros, and edit it with the name of your index (in your case @Jasmine-8i8 github). That makes it work.
from github_app_for_splunk.
Jasmine-8i8
commented on August 21, 2024
Ah ok I didn't realize we must change the index of every macro. Thanks both
from github_app_for_splunk.
shakerg
commented on August 21, 2024
I'm getting the same issue, going though the build a few times.. I can manually search the data and it's coming in from GHES, but the dashboard has none of the data. I have verified the macro index as well as the connections, everything looks good and as per documentation.
GHES = 3.6
Splunk Enterprise = 9.0.1
Apps:
Splunk Add-on for Github 2.0.0
GitHub Audit Log Monitoring Add-On for Splunk 1.1.1
GitHub App for Splunk 1.2.3
from github_app_for_splunk.
leftrightleft
commented on August 21, 2024
Just to close out the loop here, @shakerg and I talked offline and got this issue resolved. Seems like there were issues convincing GitHub to send webhooks to his Splunk instance :)
from github_app_for_splunk.
derkkila-splunk
commented on August 21, 2024
Thanks for the update @leftrightleft ! I'll sync up offline to see if I need to update any documentation to help in the future.
from github_app_for_splunk.
shakerg
commented on August 21, 2024
After a rebuild, I'm still running into the same issue where I see data coming in but it's not being represented in the dashboard. @leftrightleft and I are going to have another look later this week, if anything comes out of that which I can provide more details around, happy to share those.
from github_app_for_splunk.
Related Issues (20)
- "Account Type" not mentioned in the installation steps but it is mentioned in Splunk Data inputs
- Integration Overview - Dashboard (Audit logs) contains following TA reference "TA_splunk_ghe_audit_log_monitoring" but it should be "_**github-audit-log-monitoring-add-on-for-splunk**_"
- Developer insight dashboard issue Workflow Analysis -[Workflow history] search query missing HOT 1
- Dashboard Audit : "Activity Map by Actor Location" and "Activity Count by Actor Location" not showing up - Dashboard issue -Bug HOT 1
- Dependabot Alerts (and other dashbards) from Github Cloud enterprise not showing results due to bad SPL HOT 2
- Resolved alert count is not including secret scanning alerts
- generate_user_access_lookup is scheduled, but no lookup named last_access_by_user exists.
- Include push protection notifications in the Secret Scanning dashboard
- Actions billback metrics
- Dashboard is empty but data is being ingested HOT 5
- Modular input not listed in Splunk after installing HOT 2
- Documentation Suggestion HOT 1
- Dashboards are empty but data is being ingested into Splunk
- External Collaborators Dashboards HOT 1
- Clarification request for GHES usage HOT 2
- Broken configuration link HOT 3
- Github for Splunk Value Analytics Dashboard HOT 1
- Repository Vulnerability Alert webhook is Deprecated and being Removed HOT 1
- Secret Scanning Alerts HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from github_app_for_splunk.