Github allows for the creation of webhook triggers at the organization, repository or app level. Further details regarding the specifics of what GitHub makes available is detailed in their Webhook Documentation

To create a GitHub webhook to send events to Observe you will need:

  • A GitHub account and organistation or repository

  • An Observe ingest token

Setting up the webhook

  1. For a repo or organization, go to settings

  2. Click Webhooks and then Add

  3. Payload URL is to our collector using basic auth, replace CUSTOMER_ID and TOKEN with your Customer ID and Ingest Token respectivly the /github at the end allows observe to identify this data as coming from GitHub:

    1. https://CUSTOMER_ID:[email protected]/v1/http/github

  4. Set the Content Type to application/json

  5. Leave Secret blank, this value is not used by Observe

  6. Enable SSL verification

  7. Decide what events you want, it is okay to pick everything, these events can be modeled in Observe post ingestion

  8. Make sure active is checked.

  9. Click Add Webhook

Verify GitHub data is being ingested

There are two places to validata, the first is to check GitHub has successfully send the data, and second is to check data is being recieved in Observe.

To check that GitHub is sending the data:

  1. For a repo or organization, go to Settings

  2. Click Webhooks

  3. Click the entry for the webhook created above

  4. Scroll to Recent Deliveries and check the recent calls recived a 202 response code

To check in Observe:

  1. Log into Observe and open the Observation event stream in a worksheet

  2. Open the OPAL console and apply the following filters:

    filter OBSERVATION_KIND = "http"
    filter (string(EXTRA.path) = "/github")
  3. Verify GitHub exists