splunk
diff --git a/‎docs/ghe_audit_logs.MD
Lines changed: 1 addition & 60 deletions b/‎docs/ghe_audit_logs.MD
Lines changed: 1 addition & 60 deletions
diff --git a/‎docs/ghes_syslog_setup.MD
Lines changed: 1 addition & 1 deletion b/‎docs/ghes_syslog_setup.MD
Lines changed: 1 addition & 1 deletion
diff --git a/‎github_app_for_splunk/default/data/ui/views/api_config.xml
Lines changed: 0 additions & 232 deletions b/‎github_app_for_splunk/default/data/ui/views/api_config.xml
Lines changed: 0 additions & 232 deletions
@@ -1,45 +1,13 @@
 # GitHub Enterprise Audit Log Monitoring
 
-> Splunk modular input plugin to fetch the enterprise audit log from GitHub Enterprise
-
-Support for modular inputs in Splunk Enterprise 5.0 and later enables you to add new types of inputs to Splunk Enterprise that are treated as native Splunk Enterprise inputs.
-
-This modular input makes an HTTPS request to the GitHub Enterprise's Audit Log REST API endpoint at a definable interval to fetch audit log data.
-
-![Splunk modular input demo](./images/C70F5295-D9FA-48FC-90CA-A7BD397AEC35.png)
-
 ## Prerequisites
 
 - Splunk v8.x+
 - Python 3.x
 
 ## Installation
 
-1. SSH to your Splunk server
-
-2. Download the latest release from [Releases](https://github.com/splunk/github-audit-log-monitoring-add-on-for-splunk/releases)
-
-3. Copy the tarball to the apps directory and extract it:
-
-   ```sh
-   $ cp splunk-ghe-audit-log-monitoring-<VERSION>.tar.gz $SPLUNK_HOME/etc/apps/
-
-   $ mkdir -p $SPLUNK_HOME/etc/apps/ghe_audit_log_monitoring
-
-   $ tar xf $SPLUNK_HOME/etc/apps/splunk-ghe-audit-log-monitoring-<VERSION>.tar.gz -C $SPLUNK_HOME/etc/apps/ghe_audit_log_monitoring --strip-components=1
-
-   # Optional depending on the user executing the previous actions
-   $ sudo chown -R splunk:splunk $SPLUNK_HOME/etc/apps/ghe_audit_log_monitoring
-
-   # Make the state directory writable by the group
-   $ sudo chmod -R 775 /opt/splunk/etc/apps/ghe_audit_log_monitoring/state
-   ```
-
-4. Restart the Splunk server
-
-5. Generate a Personal Access Token in GitHub.com (PAT must be generated by an Enterprise Owner).
-
-6. Configure and the GitHub Enterprise Audit Log Monitoring by entering the necessary information in the input fields
+Installation and configuration documents for the (Splunk Add-on for GitHub)[https://docs.splunk.com/Documentation/AddOns/released/GitHub/About] is available in our official Splunk docs. This add-on can be used for both GitHub Enterprise Cloud and Server. To configure for each specific environment, please refer to the official docs.
 
 ## Configuration
 
@@ -155,30 +123,3 @@ If you've enabled debug mode be ready to change your personal access token becau
 ### Why can't I use a GitHub app instead of a personal access token?
 
 GitHub apps cannot be installed on the enterprise level. The REST API requires enterprise admin privileges which are out of scope for GitHub apps.
-
-## Troubleshooting
-
-### Read logs in Splunk
-
-You can use this search query to fetch all the logs belonging to this module when **Debug Mode** is enabled.
-
-```sh
-index="_internal" source="/opt/splunk/var/log/splunk/splunkd.log" ghe_audit_log_monitoring
-```
-
-### Test the modular input for syntax problems
-
-Run this test if you don't see anything in the logs (which is a highly unlikely scenario). This will display any syntax errors if there are any.
-
-```sh
-sudo $SPLUNK_HOME/bin/splunk cmd python $SPLUNK_HOME/etc/apps/ghe_audit_log_monitoring/bin/ghe_audit_log_monitoring.py
-```
-
-### Where are state files stored?
-
-State files for enterprises are stored in this directory:
-
-```sh
-$SPLUNK_HOME/etc/apps/ghe_audit_log_monitoring/state/
-```
-Test
@@ -1,3 +1,3 @@
 # Sending GitHub Enterprise Server Logs to Splunk
 
-GitHub Enterprise Server comes with syslog-ng built in to send data to platforms like Splunk: https://docs.github.com/en/enterprise-server@3.3/admin/user-management/monitoring-activity-in-your-enterprise/log-forwarding. Following those directions will allow you to easily onboard logs to Splunk. To take advantage of GitHub Enterprise Server's built in syslog, you can direct GHES to a Splunk Connect for Syslog endpoint which has built in capability to parse GitHub Enterprise Server logs. Pairing that with the [Splunk Add-On for GitHub](https://splunkbase.splunk.com/app/6254/) will enable proper field extractions and field aliases.
+GitHub Enterprise Server comes with syslog-ng built in to send data to platforms like Splunk and we can take advantage of that with the (Splunk Add-on for GitHub)[https://splunkbase.splunk.com/app/6254/]. Setup details and documentation is available on (Splunk Docs)[https://docs.splunk.com/Documentation/AddOns/released/GitHub/About].
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`# Sending GitHub Enterprise Server Logs to Splunk`
`2`	`2`
`3`		-GitHub Enterprise Server comes with syslog-ng built in to send data to platforms like Splunk: https://docs.github.com/en/enterprise-server@3.3/admin/user-management/monitoring-activity-in-your-enterprise/log-forwarding. Following those directions will allow you to easily onboard logs to Splunk. To take advantage of GitHub Enterprise Server's built in syslog, you can direct GHES to a Splunk Connect for Syslog endpoint which has built in capability to parse GitHub Enterprise Server logs. Pairing that with the [Splunk Add-On for GitHub](https://splunkbase.splunk.com/app/6254/) will enable proper field extractions and field aliases.
	`3`	`+GitHub Enterprise Server comes with syslog-ng built in to send data to platforms like Splunk and we can take advantage of that with the (Splunk Add-on for GitHub)[https://splunkbase.splunk.com/app/6254/]. Setup details and documentation is available on (Splunk Docs)[https://docs.splunk.com/Documentation/AddOns/released/GitHub/About].`