I'm getting a very similar issue as previously reported. I have configured the GitHub Add-on For Splunk to ingest audit and user events, as well as configured webhooks to capture events to the github index in Splunk. I can manually search the data and it's coming in from GitHub, but the Repository Audit and User Change Audit dashboards have none of the expected data.
I have verified the macros are pointing to the correct indexes; everything looks good and as per documentation.
I have the following installed:
Splunk Enterprise 8.2.9
Apps:
Splunk Add-on for Github 2.1.1
GitHub App for Splunk 2.1.1
Similar to issue https://github.com/splunk/github_app_for_splunk/issues/56 and https://github.com/splunk/github_app_for_splunk/issues/58