Splunk® Supported Add-ons

Splunk Add-on for GitHub


Configure GitHub Cloud Audit Log Streaming to send data to Splunk Add-on for GitHub

This section provides the steps to configure GitHub Cloud audit log streaming so that audit log data is sent from GitHub Cloud to Splunk Cloud.

The Splunk Cloud instance on which you want to receive log streaming data must be a public Splunk Cloud instance, because GitHub connects to your HTTP Event Collector (HEC) endpoint over the internet.

Splunk Configuration

Create an HEC token:

  1. Click Settings > Add Data.
  2. Click Monitor.
  3. Click HTTP Event Collector.
  4. Enter a Name for the token.
  5. (Optional) For Source name override, enter a name for a source to be assigned to events that this endpoint generates.
  6. (Optional) For Description, enter a description for the input.
  7. (Optional) To enable indexer acknowledgment for the token, check Enable indexer acknowledgment.
  8. Click Next.
  9. Set the source type to github:cloud:audit and confirm the index where you want HEC events to be stored.
  10. Click Review.
  11. Confirm the settings for your endpoint, then click Submit.
  12. Copy the token value that Splunk Web displays. This token is used to configure audit log streaming in GitHub.

GitHub Cloud Configuration

  1. In the top-right corner, click your profile photo, then click Your enterprises.
  2. Select the enterprise you want to view.
  3. In the enterprise account sidebar, click Settings.
  4. In Settings, select Audit log.
  5. Under "Audit log", click Log streaming.
  6. In the Configure stream menu, select Splunk.
  7. On the configuration page, enter the following details:
    1. Domain: the domain on which the application you want to stream to is hosted.

      If you're using Splunk Cloud, the domain should be http-inputs-<host>, where host is the domain you use in Splunk Cloud. For example, http-inputs-mycompany.splunkcloud.com. If you're using the free trial version of Splunk Cloud, the domain should be inputs.<host>. For example, inputs.mycompany.splunkcloud.com.

    2. Port: the port on which the application accepts data.

      If you're using Splunk Cloud and haven't changed the port configuration, Port should be 443. If you're using the free trial version of Splunk Cloud, Port should be 8088.

    3. Token: the HEC token value you copied from Splunk Web.

  8. Make sure that Enable SSL verification is selected, so that GitHub validates the TLS certificate of the Splunk endpoint before it sends any audit data.
  9. Click Check endpoint to verify that GitHub can connect and write to the Splunk endpoint.
  10. After you have successfully verified the endpoint, click Save.
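Before clicking Check endpoint in GitHub, it is worth confirming from your own workstation that the HEC endpoint is reachable and the token is accepted, because GitHub's error message on a failed check is brief. The script below is an added example, not part of this documentation or of the Splunk Add-on for GitHub. It derives the ingest host and port for either a public or a free-trial Splunk Cloud stack using the rules above, probes the HEC health endpoint (/services/collector/health, no token required), and posts one constructed GitHub-style audit event to /services/collector/event with the sourcetype github:cloud:audit. The host mycompany.splunkcloud.com is a placeholder, the token is read from the SPLUNK_HEC_TOKEN environment variable, and the sample event is constructed for this example rather than a real GitHub record.

```shell
#!/usr/bin/env bash
# Added example (not from the Splunk or GitHub documentation): check a Splunk Cloud
# HEC endpoint the way GitHub audit log streaming will use it.
# Assumptions: SPLUNK_HOST (default: the placeholder mycompany.splunkcloud.com),
# SPLUNK_EDITION (public|trial) and SPLUNK_HEC_TOKEN are supplied by the operator.
set -u

# hec_endpoint HOST [public|trial] -> prints the HEC base URL.
# Public Splunk Cloud listens on http-inputs-<host>:443; the free trial on inputs.<host>:8088.
hec_endpoint() {
  local host="$1" edition="${2:-public}"
  case "$edition" in
    public) printf 'https://http-inputs-%s:443\n' "$host" ;;
    trial)  printf 'https://inputs.%s:8088\n' "$host" ;;
    *) echo "unknown edition: $edition (expected public or trial)" >&2; return 1 ;;
  esac
}

# hec_health BASEURL -> succeeds only if HEC answers HTTP 200 on its health endpoint.
# curl verifies the TLS certificate by default, mirroring "Enable SSL verification" in GitHub.
hec_health() {
  local code
  code=$(curl -sS -o /dev/null -w '%{http_code}' "$1/services/collector/health") || return 1
  [ "$code" = "200" ]
}

# hec_send BASEURL TOKEN -> posts one constructed audit event; --fail makes a 4xx
# (bad token, disabled token, wrong index) a non-zero exit instead of silent success.
hec_send() {
  local base="$1" token="$2"
  curl -sS --fail "$base/services/collector/event" \
    -H "Authorization: Splunk $token" \
    -H 'Content-Type: application/json' \
    -d '{"sourcetype":"github:cloud:audit","source":"hec-preflight",
         "event":{"action":"repo.create","actor":"octocat","org":"example-org",
                  "note":"constructed sample event, not a real GitHub audit record"}}'
}

# Only perform network calls when invoked with --run, so the functions can be sourced safely.
if [ "${1:-}" = "--run" ]; then
  base=$(hec_endpoint "${SPLUNK_HOST:-mycompany.splunkcloud.com}" "${SPLUNK_EDITION:-public}")
  hec_health "$base" && echo "HEC healthy at $base"
  hec_send "$base" "${SPLUNK_HEC_TOKEN:?set SPLUNK_HEC_TOKEN to the token copied from Splunk Web}" \
    && echo "test event accepted"
fi
```

Run it as `SPLUNK_HOST=<your stack> SPLUNK_HEC_TOKEN=<token> ./hec-preflight.sh --run`. A healthy endpoint but a failing send usually means the token is disabled or bound to an index you cannot write to; a failing health probe means the host, port or public-cloud requirement above is wrong. Once the send succeeds, the constructed event is visible in Splunk with a search on `sourcetype=github:cloud:audit` in the index you chose for the token, which is the same place the real GitHub stream will land after you click Save.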
Last modified on 05 February, 2024