Troubleshoot the Splunk Add-on for GitHub

For helpful troubleshooting tips that you can apply to all add-ons, see Troubleshoot add-ons in Splunk Add-ons. For additional resources, see Support and resource links for add-ons in Splunk Add-ons.

If the add-on fails to collect data, check whether the ‘gitops’ index is created. Then check whether the log monitoring/forwarding is enabled on the GitHub Enterprise Server with the correct splunk instance IP/host and port information.

If the fields are not extracted check whether SC4S and the Splunk add-on for GitHub are installed correctly.

Issues with Data Collection or Configuration via Modinputs

If you experience issues with data collection or addon configuration via mod inputs, you might be setting permissions incorrectly for the Personal Access Token used to collect data. Refer to Configure inputs using Splunk Add-on for GitHub for instructions to set required permissions for Personal Access Token to collect data.

Rate Limit for GitHub Cloud Audit Log API

The GitHub Cloud Audit Log API allows 1750 API calls in an hour and each API call allows 100 records to be fetched If the limit is exhausted, the user would have to wait till the API limit resets