Installation is as standard for a Splunk Add-On.
This input requires your GitLab token (obtained via GitLab > Profile Settings > Access Tokens) for authentication. When setting up inputs, entering a project ID is optional.
If you do not specify a project ID, you will only get event data for the account the token is associated with.
The add-on collects any new information gathered since the last run. It does this by storing the datetime of the last run in the KV Store and passing it to GitLab as an HTTP parameter. The add-on focuses on events: it retrieves these first, then gets the records associated with each event (Merge Requests, Project Info, Commits, Milestones...). During retrieval, it stores everything in Splunk in JSON format.
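The checkpointed collection described above, sketched as an added example (not the add-on's own code). It assumes the GitLab REST events endpoints with the `after` date parameter and the `PRIVATE-TOKEN` header; the host, the key name, and the dict and `fetch` callable standing in for the KV Store and HTTP client are hypothetical.

```python
from datetime import datetime, timedelta, timezone

GITLAB_API = "https://gitlab.example.com/api/v4"  # placeholder host (assumption)

# Constructed sample of what the events endpoint could return.
SAMPLE_EVENTS = [
    {"id": 1, "action_name": "pushed to", "created_at": "2024-05-01T08:00:00.000Z"},
    {"id": 2, "action_name": "opened", "created_at": "2024-05-02T09:15:00.000Z"},
]

def parse_ts(value):
    """Parse an ISO 8601 timestamp such as 2024-05-02T09:15:00.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def build_request(token, checkpoint, project_id=None):
    """Return (url, headers, params) for one incremental events call."""
    path = f"/projects/{project_id}/events" if project_id else "/events"
    # Token goes in a header, not the query string, so it stays out of
    # URLs written to debug logs.
    headers = {"PRIVATE-TOKEN": token}
    params = {"per_page": 100}
    if checkpoint is not None:
        # `after` is a date, not a datetime: request from the previous day
        # and filter on the exact timestamp in collect().
        params["after"] = (checkpoint - timedelta(days=1)).strftime("%Y-%m-%d")
    return GITLAB_API + path, headers, params

def collect(store, fetch, token, project_id=None, now=None):
    """Run one cycle. `store` stands in for the KV Store, `fetch` for HTTP."""
    key = f"last_run:{project_id or 'account'}"  # hypothetical key name
    checkpoint = parse_ts(store[key]) if key in store else None
    started = now or datetime.now(timezone.utc)
    url, headers, params = build_request(token, checkpoint, project_id)
    events = fetch(url, headers, params)  # expected to raise on HTTP errors
    new = [e for e in events
           if checkpoint is None or parse_ts(e["created_at"]) > checkpoint]
    # Advance the checkpoint only after a successful fetch, so a failed run
    # retries from the same point instead of skipping data.
    store[key] = started.isoformat()
    return new

def fake_fetch(url, headers, params):
    """Offline stand-in for the HTTP GET; returns the constructed sample."""
    return list(SAMPLE_EVENTS)
```

A real `fetch` would also need to follow pagination, which this sketch leaves out.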
Please check you have the correct permissions should you not be getting any data into Splunk. The splunkd sourcetype in the _internal index may assist with confirming any access issues.
Setting the logging level to debug is also advised if you encounter any issues, as this should give you an idea of where the problems lie. If you are still struggling, please get in touch or go to answers.splunk.com for more info. Should you need to get in touch, please supply a copy of the internal log, including the error line with MsgID should one exist.
Resolve API Issue