Jose Hernandez
Security Researcher, Diver, and Maker
Sep 10, 2021 2 min read

Collecting Github Traffic Stats into Splunk

It’s been a while since I blogged anything, and I have been itching to dust 🧹 off my blog and start writing about more tactical things I have been thinking about or playing with.

Today I bring you a new tool called github-traffic-collector, recently 🍞 baked. I recently learned that the webhooks used to collect Github events into Splunk, amazingly documented here by Ryan O’Connor, do not 😱 contain Github project traffic stats. Github Traffic is another API endpoint; I learned this from my friend Adam Mashinchi while we were chatting about the best ways to collect traffic stats into Splunk for various open source projects we maintain (namely attack_range, atomic-red-team, etc.). Hence github-traffic-collector was born. Although there are many (and better) Github traffic stats collection projects, this one is mine 😎.

Specifically, the intent behind its implementation is to not only write the stats down to disk (because why not), but also to send them directly to a Splunk Server via HEC.

Why send it to Splunk? Well, for analytics, of course: build a metrics dashboard to keep tabs on the health of these projects. Another positive side effect is that Github only lets you collect 14 days of traffic data (on the free account); since you can run this tool on a cronjob every 14 days, you can now have the project metrics tracked perpetually in Splunk. Give it a whirl and open a Github issue if you run into a 🐛.
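To make the traffic-to-HEC flow and the 14-day window concrete, here is an added sketch (not code from github-traffic-collector) that turns a Github traffic views reply into batched HEC events, skipping the still-growing bucket for the collection day and any day an earlier, overlapping run already sent. The sample reply, repo name, sourcetype, Splunk URL, and token are constructed placeholders, and the `seen` set stands in for whatever state file a cron job would keep.

```python
import json
from datetime import datetime, timezone
from urllib.request import Request

# Constructed sample, shaped like GitHub's GET /repos/{owner}/{repo}/traffic/views reply.
SAMPLE_VIEWS = {
    "count": 37, "uniques": 15,
    "views": [
        {"timestamp": "2021-09-08T00:00:00Z", "count": 18, "uniques": 7},
        {"timestamp": "2021-09-09T00:00:00Z", "count": 12, "uniques": 5},
        {"timestamp": "2021-09-10T00:00:00Z", "count": 7, "uniques": 3},  # collection day
    ],
}

def to_hec_events(repo, views, seen, today, sourcetype="github:traffic:views"):
    """One HEC event per finished daily bucket that no earlier run has sent."""
    events = []
    for bucket in views["views"]:
        day = bucket["timestamp"][:10]
        if day >= today or (repo, day) in seen:
            continue  # today's bucket is still growing; seen days are already indexed
        ts = datetime.strptime(bucket["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        events.append({
            "time": int(ts.replace(tzinfo=timezone.utc).timestamp()),  # day measured
            "source": repo,
            "sourcetype": sourcetype,  # assumed name, not a Splunk built-in
            "event": {"repo": repo, "day": day,
                      "count": bucket["count"], "uniques": bucket["uniques"]},
        })
    return events

def build_hec_request(hec_url, token, events):
    """Build, without sending, one batched POST for HEC's /services/collector/event."""
    body = "\n".join(json.dumps(e, sort_keys=True) for e in events).encode()
    return Request(hec_url, data=body, method="POST", headers={
        "Authorization": f"Splunk {token}",  # load the token from env or a vault
        "Content-Type": "application/json",
    })

if __name__ == "__main__":
    seen = {("example/repo", "2021-09-08")}  # state a previous run would have saved
    events = to_hec_events("example/repo", SAMPLE_VIEWS, seen, today="2021-09-10")
    req = build_hec_request("https://splunk.example.com:8088/services/collector/event",
                            "00000000-0000-0000-0000-000000000000", events)
    print(req.full_url, req.data.decode(), sep="\n")
```

Add the sent `(repo, day)` pairs to `seen` only after HEC returns success, so a failed POST is retried on the next run instead of leaving a gap in the dashboard.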