Configure GitHub Cloud Audit Log Streaming to send data to Splunk Add-on for GitHub
This section provides the steps to configure the GitHub Cloud Audit Log Streaming to send the audit logs data from GitHub Cloud to Splunk Cloud
The Splunk Cloud instance on which you want to receive Log Streaming data must be a Public Splunk Cloud
Create a HEC token:
- Click Settings > Add Data.
- Click Monitor.
- Click HTTP Event Collector
- Enter a Name for the token.
- (Optional) For Source name override, enter a name for a source to be assigned to events that this endpoint generates.
- (Optional) For Description, enter a description for the input.
- (Optional) To enable indexer acknowledgment for the token, check Enable indexer acknowledgment.
- Click Next.
- Make edits to source type and confirm the index where you want HEC events to be stored. Make the sourcetype
- Click Review.
- Confirm the settings for your endpoint, then click Submit.
- Copy the token value that Splunk Web displays, this token will be used to configure audit log streaming in GitHub.
GitHub Cloud Configuration
- In the top-right corner, click on your profile photo, then click Your enterprises .
- Select the enterprise you want to view.
- In the Enterprise Account sidebar, click Settings.
- In Settings, select Audit log.
- Under "Audit log", click Log streaming.
- In the Configure stream menu select Splunk.
- On the configuration page, enter the following details:
- The domain on which the application you want to stream to is hosted.
If you're using Splunk Cloud, the domain should be http-inputs-
, where host is the domain you use in Splunk Cloud. For example, http-inputs-mycompany.splunkcloud.com. If you're using the free trial version of Splunk Cloud, the domain should be inputs. , where host is the domain you use in Splunk Cloud. For example, inputs.mycompany.splunkcloud.com.
- The port on which the application accepts data.
If you're using Splunk Cloud and haven't changed the port configuration, Port should be 443. If you're using the free trial version of Splunk Cloud, Port should be 8088.
- Make sure that Enable SSL verification selected.
- Click Check endpoint to verify that GitHub can connect and write to the Splunk endpoint.
- After you have successfully verified the endpoint, click Save.
Upgrade the Splunk Add-on for GitHub
Troubleshoot the Splunk Add-on for GitHub
This documentation applies to the following versions of Splunk® Supported Add-ons: released