Collecting Github Traffic Stats into Splunk
It’s been a while since I blogged anything, and I have been itching to dust 🧹 off my blog and start writing about more tactical things I have been thinking about or playing with.
Today I bring you a new tool called github-traffic-collector, recently baked. I recently learned that the webhooks used to collect GitHub events into Splunk, amazingly documented here by Ryan O’Connor, do not contain GitHub project traffic stats. GitHub traffic is a separate API endpoint. I learned this from my friend Adam Mashinchi while we were chatting about the best ways to collect traffic stats into Splunk for the various open-source projects we maintain (attack_range, atomic-red-team, etc.).
Hence github-traffic-collector was born. Although there are many (and better) GitHub traffic stats collection projects, this one is mine.
Specifically, the intent behind its implementation is to not only write the stats down to disk (because why not), but also to send them directly to a Splunk Server via HEC.
Why send it to Splunk? For analytics, of course: build a metrics dashboard to keep tabs on the health of these projects. Another positive side effect: GitHub only lets you collect 14 days of traffic data (on the free account), but since you can run this tool on a cron job every 14 days, you can now have the project metrics tracked perpetually in Splunk. Give it a whirl and open a GitHub issue if you run into bugs.
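The collection flow described above, sketched as an added example (this is not github-traffic-collector's own code). It turns a traffic-views response into HEC events stamped with the day each bucket describes, and goes slightly beyond the post by dropping days already sent so overlapping cron runs do not double count. The repo name, sourcetype, environment variable names, HEC URL and sample response are constructed assumptions.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone

# Constructed sample shaped like GitHub's GET /repos/{owner}/{repo}/traffic/views reply.
SAMPLE_VIEWS = {
    "count": 30, "uniques": 12,
    "views": [
        {"timestamp": "2021-03-01T00:00:00Z", "count": 10, "uniques": 4},
        {"timestamp": "2021-03-02T00:00:00Z", "count": 20, "uniques": 8},
    ],
}

def to_hec_events(repo, kind, traffic, sourcetype="github:traffic"):
    """One HEC event per daily bucket; 'time' is the day measured, not the collection time."""
    events = []
    for day in traffic.get(kind, []):
        ts = datetime.strptime(day["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        events.append({
            "time": int(ts.replace(tzinfo=timezone.utc).timestamp()),
            "source": repo,
            "sourcetype": sourcetype,  # assumed sourcetype name
            "event": {"repo": repo, "metric": kind,
                      "count": day["count"], "uniques": day["uniques"]},
        })
    return events

def drop_already_sent(events, last_sent_epoch):
    """Keep only days newer than the last one indexed, so overlapping runs add no duplicates."""
    return [e for e in events if e["time"] > last_sent_epoch]

def build_hec_request(hec_url, token, events):
    """HEC accepts a batch as concatenated JSON objects; the token goes in the header only."""
    body = "\n".join(json.dumps(e) for e in events).encode()
    return urllib.request.Request(
        hec_url, data=body, method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"})

if __name__ == "__main__":
    # Secrets come from the environment (assumed variable names), never from the script.
    url = os.environ.get("SPLUNK_HEC_URL",
                         "https://splunk.example.com:8088/services/collector/event")
    token = os.environ.get("SPLUNK_HEC_TOKEN", "PLACEHOLDER-TOKEN")
    events = to_hec_events("example-org/example-repo", "views", SAMPLE_VIEWS)
    req = build_hec_request(url, token, drop_already_sent(events, 1614556800))
    print(req.full_url, req.data.decode())
    # urllib.request.urlopen(req) would send the batch; certificate checks stay on by default.
```

Scope the GitHub token to the repositories being measured and the HEC token to a single index, so a leaked cron environment exposes as little as possible.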