splunk / github_app_for_splunk

A collection of dashboards and knowledge objects for GitHub data
MIT License
30 stars 25 forks

Modular input not listed in Splunk after installing #59

Closed vector-sec closed 1 year ago

vector-sec commented 1 year ago

Describe the bug: I've installed this add-on from Splunkbase on 9.0.1 and 9.0.0 environments and in both cases the "GitHub Enterprise Audit Log Monitoring" modular input, as shown in the screenshot in ghe_audit_logs.MD of this repo, is appearing post installation. Am I missing a step?

To Reproduce: Steps to reproduce the behavior:

  1. Install from Splunkbase
  2. Go to data inputs
  3. "GitHub Enterprise Audit Log Monitoring" modular input is not listed

Expected behavior: "GitHub Enterprise Audit Log Monitoring" modular input should be listed

leftrightleft commented 1 year ago

Hey @vector-sec - have you installed the Splunk Add-on for GitHub? It's an additional addon which is required to query the GH audit log. It's separate from the GitHub App for Splunk.

vector-sec commented 1 year ago

No, I had not, sorry for the time waster!