Skip to main content
 
 
Splunk Lantern

Sending GitLab webhook data to the Splunk platform

 

This article describes how to send GitLab webhook data to a HTTP Event Collector (HEC) or Opentelemetry Collector using the HEC receiver for getting data into the Splunk platform.

Getting data into the Splunk platform from GitLab using webhooks provides visibility into code pushes, comments and issues, merge requests, pipeline status events (getting data out of pipelines is detailed in this article) deployments, and so on.

Step 1: Enable HEC query string authentication

GitLab webhooks do not have configurable headers to send along a HEC token, so you must use query string authentication for HEC.

To enable query string authentication, for Splunk Enterprise users, edit your inputs.conf file as described in the documentation. If you're a Splunk Cloud Platform user, you'll need to log a ticket via the support portal to get this done.

After this authentication is enabled, requests to send HEC with the query string auth will look like this:
http://<hec_ip>:<port>/services/collector/raw?token=<hec_token>

Step 2: Enable webhooks in GitLab

  1. Go to Settings > Webhooks.
  2. Enter your Splunk HEC IP or address, along with the HEC port.
  3. Use the services/collector/raw endpoint along with the token in your query string for authentication.
  4. Use URL masking to hide your HEC token in the UI.

  1. Choose which events to send as webhooks (pushes, merge requests, pipeline events, etc) and whether to enable SSL verification (https).
  2. Save your configuration.
  3. Scroll down to the bottom of the webhooks page to send different types of test events using the options under the Test dropdown menu.