Open
Description
I'm getting a very similar issue to the one previously reported. I have configured the GitHub Add-on For Splunk to ingest audit and user events, as well as configured webhooks to capture events to the github index in Splunk. I can manually search the data and it's coming in from GitHub, but the Repository Audit and User Change Audit dashboards have none of the expected data.
I have verified the macros are pointing to the correct indexes; everything looks good and as per documentation.
I have the following installed:
Splunk Enterprise 8.2.9
Apps:
Splunk Add-on for GitHub 2.1.1
GitHub App for Splunk 2.1.1