Open dave-safian-kyndryl opened 1 year ago
@dave-safian-kyndryl this has been driving me nuts! I'm using Splunk Cloud and couldn't figure out why in the world my webhook configuration wasn't working. I couldn't even modify the allowQuery portion; it makes total sense that you have to contact support.
At least for now, with your suggestion, I got my webhooks to successfully deliver to my Splunk Cloud instance. Thank you!
In regards to configuring webhooks in GitHub (github_webhooks.MD), you can use basic auth instead.

Advantages:

- HEC token isn't passed as part of the URL (which is visible and will get logged everywhere).
- Does not require `allowQueryStringAuth = true` on the HEC Endpoint. In Splunk Cloud, you gotta get Splunk support to enable it even.

All that needs to change in the webhook configuration is:

- AuthQueryToken: `https://YOUR SPLUNK URL:8088/services/collector/raw?token=THE TOKEN FROM ABOVE`
- BasicAuth: `https://xxxxx:THETOKENFROMABOVE@YOUR SPLUNK URL:8088/services/collector/raw`

Username doesn't matter (xxxxx). Token is used as the password for basic auth.
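
Added example (not part of the original post or the project's documentation): a Python illustration of the URL change described above, showing what an HTTP client places in the request line, which is what access logs and proxies typically record, versus the `Authorization` header for each form. The host `splunk.example.com`, the all-zero token and the function names are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode, quote, unquote


def to_basic_auth_url(url, username="xxxxx"):
    """Move a HEC token from ?token= into the password slot of the URL's userinfo."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in query if k == "token"]
    if len(tokens) != 1 or not tokens[0]:
        raise ValueError("expected exactly one non-empty token= parameter")
    if parts.username or parts.password:
        raise ValueError("URL already carries credentials")
    # Keep any other query parameters, drop only the token.
    rest = urlencode([(k, v) for k, v in query if k != "token"])
    netloc = f"{quote(username, safe='')}:{quote(tokens[0], safe='')}@{parts.netloc}"
    return urlunsplit((parts.scheme, netloc, parts.path, rest, parts.fragment))


def as_sent_on_wire(url):
    """Return (request_target, headers) that an HTTP client derives from the URL."""
    parts = urlsplit(url)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    # Userinfo is never part of the Host header or the request target.
    headers = {"Host": parts.netloc.rpartition("@")[2]}
    if parts.username is not None:
        cred = f"{unquote(parts.username)}:{unquote(parts.password or '')}"
        headers["Authorization"] = "Basic " + base64.b64encode(cred.encode()).decode()
    return target, headers


# Constructed sample values, not a real endpoint or token.
SAMPLE_TOKEN = "00000000-0000-0000-0000-000000000000"
QUERY_URL = f"https://splunk.example.com:8088/services/collector/raw?token={SAMPLE_TOKEN}"

if __name__ == "__main__":
    for url in (QUERY_URL, to_basic_auth_url(QUERY_URL)):
        target, headers = as_sent_on_wire(url)
        print("request target:", target)
        print("headers:       ", headers)
```

The basic-auth URL still contains the token wherever the full URL is stored (for example in the webhook settings), so treat that field as a secret.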