<span class="pill kill-chain">_time</span>
<span class="pill kill-chain">action</span>
<span class="pill kill-chain">host</span>
<span class="pill kill-chain">index</span>
<span class="pill kill-chain">linecount</span>
<span class="pill kill-chain">meta</span>
<span class="pill kill-chain">punct</span>
<span class="pill kill-chain">source</span>
<span class="pill kill-chain">sourcetype</span>
<span class="pill kill-chain">splunk_server</span>
<span class="pill kill-chain">timestamp</span>
<span class="pill kill-chain">workflow_run.actor.avatar_url</span>
<span class="pill kill-chain">workflow_run.actor.events_url</span>
<span class="pill kill-chain">workflow_run.actor.followers_url</span>
<span class="pill kill-chain">workflow_run.actor.following_url</span>
<span class="pill kill-chain">workflow_run.actor.gists_url</span>
<span class="pill kill-chain">workflow_run.actor.gravatar_id</span>
<span class="pill kill-chain">workflow_run.actor.html_url</span>
<span class="pill kill-chain">workflow_run.actor.id</span>
<span class="pill kill-chain">workflow_run.actor.login</span>
<span class="pill kill-chain">workflow_run.actor.node_id</span>
<span class="pill kill-chain">workflow_run.actor.organizations_url</span>
<span class="pill kill-chain">workflow_run.actor.received_events_url</span>
<span class="pill kill-chain">workflow_run.actor.repos_url</span>
<span class="pill kill-chain">workflow_run.actor.site_admin</span>
<span class="pill kill-chain">workflow_run.actor.starred_url</span>
<span class="pill kill-chain">workflow_run.actor.subscriptions_url</span>
<span class="pill kill-chain">workflow_run.actor.type</span>
<span class="pill kill-chain">workflow_run.actor.url</span>
<span class="pill kill-chain">workflow_run.artifacts_url</span>
<span class="pill kill-chain">workflow_run.cancel_url</span>
<span class="pill kill-chain">workflow_run.check_suite_id</span>
<span class="pill kill-chain">workflow_run.check_suite_node_id</span>
<span class="pill kill-chain">workflow_run.check_suite_url</span>
<span class="pill kill-chain">workflow_run.conclusion</span>
<span class="pill kill-chain">workflow_run.created_at</span>
<span class="pill kill-chain">workflow_run.event</span>
<span class="pill kill-chain">workflow_run.head_branch</span>
<span class="pill kill-chain">workflow_run.head_commit.author.email</span>
<span class="pill kill-chain">workflow_run.head_commit.author.name</span>
<span class="pill kill-chain">workflow_run.head_commit.committer.email</span>
<span class="pill kill-chain">workflow_run.head_commit.committer.name</span>
<span class="pill kill-chain">workflow_run.head_commit.id</span>
<span class="pill kill-chain">workflow_run.head_commit.message</span>
<span class="pill kill-chain">workflow_run.head_commit.timestamp</span>
<span class="pill kill-chain">workflow_run.head_commit.tree_id</span>
<span class="pill kill-chain">workflow_run.head_repository.collaborators_url</span>
<span class="pill kill-chain">workflow_run.head_repository.description</span>
<span class="pill kill-chain">workflow_run.head_repository.fork</span>
<span class="pill kill-chain">workflow_run.head_repository.forks_url</span>
<span class="pill kill-chain">workflow_run.head_repository.full_name</span>
<span class="pill kill-chain">workflow_run.head_repository.hooks_url</span>
<span class="pill kill-chain">workflow_run.head_repository.html_url</span>
<span class="pill kill-chain">workflow_run.head_repository.id</span>
<span class="pill kill-chain">workflow_run.head_repository.keys_url</span>
<span class="pill kill-chain">workflow_run.head_repository.name</span>
<span class="pill kill-chain">workflow_run.head_repository.node_id</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.avatar_url</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.events_url</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.followers_url</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.following_url</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.gists_url</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.gravatar_id</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.html_url</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.id</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.login</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.node_id</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.organizations_url</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.received_events_url</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.repos_url</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.site_admin</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.starred_url</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.subscriptions_url</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.type</span>
<span class="pill kill-chain">workflow_run.head_repository.owner.url</span>
<span class="pill kill-chain">workflow_run.head_repository.private</span>
<span class="pill kill-chain">workflow_run.head_repository.teams_url</span>
<span class="pill kill-chain">workflow_run.head_repository.url</span>
<span class="pill kill-chain">workflow_run.head_sha</span>
<span class="pill kill-chain">workflow_run.html_url</span>
<span class="pill kill-chain">workflow_run.id</span>
<span class="pill kill-chain">workflow_run.jobs_url</span>
<span class="pill kill-chain">workflow_run.logs_url</span>
<span class="pill kill-chain">workflow_run.name</span>
<span class="pill kill-chain">workflow_run.node_id</span>
<span class="pill kill-chain">workflow_run.previous_attempt_url</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.base.ref</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.base.repo.id</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.base.repo.name</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.base.repo.url</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.base.sha</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.head.ref</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.head.repo.id</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.head.repo.name</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.head.repo.url</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.head.sha</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.id</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.number</span>
<span class="pill kill-chain">workflow_run.pull_requests{}.url</span>
<span class="pill kill-chain">workflow_run.repository.archive_url</span>
<span class="pill kill-chain">workflow_run.repository.assignees_url</span>
<span class="pill kill-chain">workflow_run.repository.blobs_url</span>
<span class="pill kill-chain">workflow_run.repository.branches_url</span>
<span class="pill kill-chain">workflow_run.repository.collaborators_url</span>
<span class="pill kill-chain">workflow_run.repository.comments_url</span>
<span class="pill kill-chain">workflow_run.repository.commits_url</span>
<span class="pill kill-chain">workflow_run.repository.compare_url</span>
<span class="pill kill-chain">workflow_run.repository.contents_url</span>
<span class="pill kill-chain">workflow_run.repository.contributors_url</span>
<span class="pill kill-chain">workflow_run.repository.deployments_url</span>
<span class="pill kill-chain">workflow_run.repository.description</span>
<span class="pill kill-chain">workflow_run.repository.downloads_url</span>
<span class="pill kill-chain">workflow_run.repository.events_url</span>
<span class="pill kill-chain">workflow_run.repository.fork</span>
<span class="pill kill-chain">workflow_run.repository.forks_url</span>
<span class="pill kill-chain">workflow_run.repository.full_name</span>
<span class="pill kill-chain">workflow_run.repository.git_commits_url</span>
<span class="pill kill-chain">workflow_run.repository.git_refs_url</span>
<span class="pill kill-chain">workflow_run.repository.git_tags_url</span>
<span class="pill kill-chain">workflow_run.repository.hooks_url</span>
<span class="pill kill-chain">workflow_run.repository.html_url</span>
<span class="pill kill-chain">workflow_run.repository.id</span>
<span class="pill kill-chain">workflow_run.repository.issue_comment_url</span>
<span class="pill kill-chain">workflow_run.repository.issue_events_url</span>
<span class="pill kill-chain">workflow_run.repository.issues_url</span>
<span class="pill kill-chain">workflow_run.repository.keys_url</span>
<span class="pill kill-chain">workflow_run.repository.labels_url</span>
<span class="pill kill-chain">workflow_run.repository.languages_url</span>
<span class="pill kill-chain">workflow_run.repository.merges_url</span>
<span class="pill kill-chain">workflow_run.repository.milestones_url</span>
<span class="pill kill-chain">workflow_run.repository.name</span>
<span class="pill kill-chain">workflow_run.repository.node_id</span>
<span class="pill kill-chain">workflow_run.repository.notifications_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.avatar_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.events_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.followers_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.following_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.gists_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.gravatar_id</span>
<span class="pill kill-chain">workflow_run.repository.owner.html_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.id</span>
<span class="pill kill-chain">workflow_run.repository.owner.login</span>
<span class="pill kill-chain">workflow_run.repository.owner.node_id</span>
<span class="pill kill-chain">workflow_run.repository.owner.organizations_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.received_events_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.repos_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.site_admin</span>
<span class="pill kill-chain">workflow_run.repository.owner.starred_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.subscriptions_url</span>
<span class="pill kill-chain">workflow_run.repository.owner.type</span>
<span class="pill kill-chain">workflow_run.repository.owner.url</span>
<span class="pill kill-chain">workflow_run.repository.private</span>
<span class="pill kill-chain">workflow_run.repository.pulls_url</span>
<span class="pill kill-chain">workflow_run.repository.releases_url</span>
<span class="pill kill-chain">workflow_run.repository.stargazers_url</span>
<span class="pill kill-chain">workflow_run.repository.statuses_url</span>
<span class="pill kill-chain">workflow_run.repository.subscribers_url</span>
<span class="pill kill-chain">workflow_run.repository.subscription_url</span>
<span class="pill kill-chain">workflow_run.repository.tags_url</span>
<span class="pill kill-chain">workflow_run.repository.teams_url</span>
<span class="pill kill-chain">workflow_run.repository.trees_url</span>
<span class="pill kill-chain">workflow_run.repository.url</span>
<span class="pill kill-chain">workflow_run.rerun_url</span>
<span class="pill kill-chain">workflow_run.run_attempt</span>
<span class="pill kill-chain">workflow_run.run_number</span>
<span class="pill kill-chain">workflow_run.run_started_at</span>
<span class="pill kill-chain">workflow_run.status</span>
<span class="pill kill-chain">workflow_run.triggering_actor.avatar_url</span>
<span class="pill kill-chain">workflow_run.triggering_actor.events_url</span>
<span class="pill kill-chain">workflow_run.triggering_actor.followers_url</span>
<span class="pill kill-chain">workflow_run.triggering_actor.following_url</span>
<span class="pill kill-chain">workflow_run.triggering_actor.gists_url</span>
<span class="pill kill-chain">workflow_run.triggering_actor.gravatar_id</span>
<span class="pill kill-chain">workflow_run.triggering_actor.html_url</span>
<span class="pill kill-chain">workflow_run.triggering_actor.id</span>
<span class="pill kill-chain">workflow_run.triggering_actor.login</span>
<span class="pill kill-chain">workflow_run.triggering_actor.node_id</span>
<span class="pill kill-chain">workflow_run.triggering_actor.organizations_url</span>
<span class="pill kill-chain">workflow_run.triggering_actor.received_events_url</span>
<span class="pill kill-chain">workflow_run.triggering_actor.repos_url</span>
<span class="pill kill-chain">workflow_run.triggering_actor.site_admin</span>
<span class="pill kill-chain">workflow_run.triggering_actor.starred_url</span>
<span class="pill kill-chain">workflow_run.triggering_actor.subscriptions_url</span>
<span class="pill kill-chain">workflow_run.triggering_actor.type</span>
<span class="pill kill-chain">workflow_run.triggering_actor.url</span>
<span class="pill kill-chain">workflow_run.updated_at</span>
<span class="pill kill-chain">workflow_run.url</span>
<span class="pill kill-chain">workflow_run.workflow_id</span>
<span class="pill kill-chain">workflow_run.workflow_url</span>
</div>
Data Source: GitHub
Description
Data source object for GitHub
Details
| Property | Value |
|---|---|
| Source | github |
| Sourcetype | aws:firehose:json |
Supported Apps
- Splunk Add-on for Github (version 3.0.0)
Event Fields
Fields
Example Log
1{"action":"requested","workflow_run":{"id":2088708615,"name":"auto-update","node_id":"WFR_kwLOCa00Ec58fyoH","head_branch":"mac_os_detections","head_sha":"4049334910ea3d52a917ca35aed66d11c80ed966","run_number":9504,"event":"push","status":"queued","conclusion":null,"workflow_id":4692335,"check_suite_id":5918781611,"check_suite_node_id":"CS_kwDOCa00Ec8AAAABYMlwqw","url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615","html_url":"https://github.com/splunk/security_content/actions/runs/2088708615","pull_requests":[{"url":"https://api.github.com/repos/splunk/security_content/pulls/2131","id":893091277,"number":2131,"head":{"ref":"mac_os_detections","sha":"4049334910ea3d52a917ca35aed66d11c80ed966","repo":{"id":162346001,"url":"https://api.github.com/repos/splunk/security_content","name":"security_content"}},"base":{"ref":"develop","sha":"a7d3d1dc57f9bf36fe22e470bcf518fcc2c89283","repo":{"id":162346001,"url":"https://api.github.com/repos/splunk/security_content","name":"security_content"}}}],"created_at":"2022-04-04T08:43:15Z","updated_at":"2022-04-04T08:43:15Z","actor":{"login":"jsmith","id":8362376,"node_id":"MDQ6VXNlcjgzNjIzNzY=","avatar_url":"https://avatars.githubusercontent.com/u/8362376?v=4","gravatar_id":"","url":"https://api.github.com/users/jsmith","html_url":"https://github.com/jsmith","followers_url":"https://api.github.com/users/jsmith/followers","following_url":"https://api.github.com/users/jsmith/following{/other_user}","gists_url":"https://api.github.com/users/jsmith/gists{/gist_id}","starred_url":"https://api.github.com/users/jsmith/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/jsmith/subscriptions","organizations_url":"https://api.github.com/users/jsmith/orgs","repos_url":"https://api.github.com/users/jsmith/repos","events_url":"https://api.github.com/users/jsmith/events{/privacy}","received_events_url":"https://api.github.com/users/jsmith/received_events","type":"User","site_admin":false},"run_attempt":1,"run_started_at":"2022-04-04T08:43:15Z","triggering_actor":{"login":"jsmith","id":8362376,"node_id":"MDQ6VXNlcjgzNjIzNzY=","avatar_url":"https://avatars.githubusercontent.com/u/8362376?v=4","gravatar_id":"","url":"https://api.github.com/users/jsmith","html_url":"https://github.com/jsmith","followers_url":"https://api.github.com/users/jsmith/followers","following_url":"https://api.github.com/users/jsmith/following{/other_user}","gists_url":"https://api.github.com/users/jsmith/gists{/gist_id}","starred_url":"https://api.github.com/users/jsmith/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/jsmith/subscriptions","organizations_url":"https://api.github.com/users/jsmith/orgs","repos_url":"https://api.github.com/users/jsmith/repos","events_url":"https://api.github.com/users/jsmith/events{/privacy}","received_events_url":"https://api.github.com/users/jsmith/received_events","type":"User","site_admin":false},"jobs_url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615/jobs","logs_url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615/logs","check_suite_url":"https://api.github.com/repos/splunk/security_content/check-suites/5918781611","artifacts_url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615/artifacts","cancel_url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615/cancel","rerun_url":"https://api.github.com/repos/splunk/security_content/actions/runs/2088708615/rerun","previous_attempt_url":null,"workflow_url":"https://api.github.com/repos/splunk/security_content/actions/workflows/4692335","head_commit":{"id":"4049334910ea3d52a917ca35aed66d11c80ed966","tree_id":"df4ddc1359be3b19f093b7a27dbf5708187743a0","message":"small change","timestamp":"2022-04-04T08:43:01Z","author":{"name":"jsmith","email":"jsmith@evilcorp.com"},"committer":{"name":"jsmith","email":"jsmith@evilcorp.com"}},"repository":{"id":162346001,"node_id":"MDEwOlJlcG9zaXRvcnkxNjIzNDYwMDE=","name":"security_content","full_name":"splunk/security_content","private":false,"owner":{"login":"splunk","id":651467,"node_id":"MDEyOk9yZ2FuaXphdGlvbjY1MTQ2Nw==","avatar_url":"https://avatars.githubusercontent.com/u/651467?v=4","gravatar_id":"","url":"https://api.github.com/users/splunk","html_url":"https://github.com/splunk","followers_url":"https://api.github.com/users/splunk/followers","following_url":"https://api.github.com/users/splunk/following{/other_user}","gists_url":"https://api.github.com/users/splunk/gists{/gist_id}","starred_url":"https://api.github.com/users/splunk/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/splunk/subscriptions","organizations_url":"https://api.github.com/users/splunk/orgs","repos_url":"https://api.github.com/users/splunk/repos","events_url":"https://api.github.com/users/splunk/events{/privacy}","received_events_url":"https://api.github.com/users/splunk/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/splunk/security_content","description":"Splunk Security Content","fork":false,"url":"https://api.github.com/repos/splunk/security_content","forks_url":"https://api.github.com/repos/splunk/security_content/forks","keys_url":"https://api.github.com/repos/splunk/security_content/keys{/key_id}","collaborators_url":"https://api.github.com/repos/splunk/security_content/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/splunk/security_content/teams","hooks_url":"https://api.github.com/repos/splunk/security_content/hooks","issue_events_url":"https://api.github.com/repos/splunk/security_content/issues/events{/number}","events_url":"https://api.github.com/repos/splunk/security_content/events","assignees_url":"https://api.github.com/repos/splunk/security_content/assignees{/user}","branches_url":"https://api.github.com/repos/splunk/security_content/branches{/branch}","tags_url":"https://api.github.com/repos/splunk/security_content/tags","blobs_url":"https://api.github.com/repos/splunk/security_content/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/splunk/security_content/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/splunk/security_content/git/refs{/sha}","trees_url":"https://api.github.com/repos/splunk/security_content/git/trees{/sha}","statuses_url":"https://api.github.com/repos/splunk/security_content/statuses/{sha}","languages_url":"https://api.github.com/repos/splunk/security_content/languages","stargazers_url":"https://api.github.com/repos/splunk/security_content/stargazers","contributors_url":"https://api.github.com/repos/splunk/security_content/contributors","subscribers_url":"https://api.github.com/repos/splunk/security_content/subscribers","subscription_url":"https://api.github.com/repos/splunk/security_content/subscription","commits_url":"https://api.github.com/repos/splunk/security_content/commits{/sha}","git_commits_url":"https://api.github.com/repos/splunk/security_content/git/commits{/sha}","comments_url":"https://api.github.com/repos/splunk/security_content/comments{/number}","issue_comment_url":"https://api.github.com/repos/splunk/security_content/issues/comments{/number}","contents_url":"https://api.github.com/repos/splunk/security_content/contents/{+path}","compare_url":"https://api.github.com/repos/splunk/security_content/compare/{base}...{head}","merges_url":"https://api.github.com/repos/splunk/security_content/merges","archive_url":"https://api.github.com/repos/splunk/security_content/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/splunk/security_content/downloads","issues_url":"https://api.github.com/repos/splunk/security_content/issues{/number}","pulls_url":"https://api.github.com/repos/splunk/security_content/pulls{/number}","milestones_url":"https://api.github.com/repos/splunk/security_content/milestones{/number}","notifications_url":"https://api.github.com/repos/splunk/security_content/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/splunk/security_content/labels{/name}","releases_url":"https://api.github.com/repos/splunk/security_content/releases{/id}","deployments_url":"https://api.github.com/repos/splunk/security_content/deployments"},"head_repository":{"id":162346001,"node_id":"MDEwOlJlcG9zaXRvcnkxNjIzNDYwMDE=","name":"security_content","full_name":"splunk/security_content","private":false,"owner":{"login":"splunk","id":651467,"node_id":"MDEyOk9yZ2FuaXphdGlvbjY1MTQ2Nw==","avatar_url":"https://avatars.githubusercontent.com/u/651467?v=4","gravatar_id":"","url":"https://api.github.com/users/splunk","html_url":"https://github.com/splunk","followers_url":"https://api.github.com/users/splunk/followers","following_url":"https://api.github.com/users/splunk/following{/other_user}","gists_url":"https://api.github.com/users/splunk/gists{/gist_id}","starred_url":"https://api.github.com/users/splunk/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/splunk/subscriptions","organizations_url":"https://api.github.com/users/splunk/orgs","repos_url":"https://api.github.com/users/splunk/repos","events_url":"https://api.github.com/users/splunk/events{/privacy}","received_events_url":"https://api.github.com/users/splunk/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/splunk/security_content","description":"Splunk Security Content","fork":false,"url":"https://api.github.com/repos/splunk/security_content","forks_url":"https://api.github.com/repos/splunk/security_content/forks","keys_url":"https://api.github.com/repos/splunk/security_content/keys{/key_id}","collaborators_url":"https://api.github.com/repos/splunk/security_content/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/splunk/security_content/teams","hooks_url":"https://api.github.com/repos/splunk/security_content/hooks","issue_events_url":"https://api.github.com/repos/splunk/security_content/issues/events{/num
Source: GitHub | Version: 1