Troubleshoot the Splunk Add-on for GitHub
For helpful troubleshooting tips that you can apply to all add-ons, see Troubleshoot add-ons in Splunk Add-ons. For additional resources, see Support and resource links for add-ons in Splunk Add-ons.
If the add-on fails to collect data, check whether the 'gitops' index has been created. Then check whether log monitoring/forwarding is enabled on the GitHub Enterprise Server with the correct Splunk instance IP/host and port information.
If the fields are not extracted, check whether SC4S and the Splunk Add-on for GitHub are installed correctly.
Issues with Data Collection or Configuration via Modinputs
If you experience issues with data collection or add-on configuration via modular inputs, the permissions on the Personal Access Token used to collect data might be set incorrectly. Refer to Configure inputs using Splunk Add-on for GitHub for instructions on setting the required permissions for the Personal Access Token.
Use the following search query to further troubleshoot any issues:
index=_internal source="*Splunk_TA_github*"
Rate Limit for GitHub Cloud Audit Log API
The GitHub Cloud Audit Log API allows 1750 API calls in an hour, and each API call allows 100 records to be fetched. If the limit is exhausted, the user has to wait until the API limit resets.
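The following sketch is an added example, not code from the add-on or from Splunk. It uses the two limits above to estimate how long audit-log collection stays behind when a backlog exists or when events arrive faster than the API can return them. The function names, the steady event rate, and the fixed hour-long limit window are assumptions made for illustration.

```python
import math

CALLS_PER_HOUR = 1750    # Audit Log API limit stated on this page
RECORDS_PER_CALL = 100   # records fetched per call, stated on this page


def calls_needed(records):
    """A partly filled page still costs one whole API call."""
    return math.ceil(records / RECORDS_PER_CALL)


def drain_plan(backlog, events_per_hour, horizon_hours=168):
    """Simulate hour-long rate-limit windows (assumed model).

    backlog         -- audit records not yet collected
    events_per_hour -- assumed steady rate of new audit events
    Returns the hour at which collection is current (None if it is never
    current within the horizon), how many windows ran out of calls with
    records still waiting, and the backlog left at the end.
    """
    exhausted = 0
    for hour in range(1, horizon_hours + 1):
        pending = backlog + events_per_hour
        calls = min(CALLS_PER_HOUR, calls_needed(pending))
        backlog = max(0, pending - calls * RECORDS_PER_CALL)
        if backlog == 0:
            return {"caught_up_after_hours": hour,
                    "exhausted_windows": exhausted,
                    "final_backlog": 0}
        exhausted += 1  # limit hit; collection waits for the reset
    return {"caught_up_after_hours": None,
            "exhausted_windows": exhausted,
            "final_backlog": backlog}


if __name__ == "__main__":
    # Constructed scenarios, not measurements from a real organization.
    print(drain_plan(backlog=1_000_000, events_per_hour=25_000))
    print(drain_plan(backlog=0, events_per_hour=200_000, horizon_hours=24))
```

A result of None for caught_up_after_hours means the event rate exceeds what the limit can deliver, so searches and alerts on the audit data fall further behind with every window.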
This documentation applies to the following versions of Splunk® Supported Add-ons: released