Sending GitHub Enterprise Server Logs to Splunk

GitHub Enterprise Server ships with syslog-ng built in, so it can forward logs to platforms like Splunk: https://docs.github.com/en/enterprise-server@3.3/admin/user-management/monitoring-activity-in-your-enterprise/log-forwarding. Following those directions will allow you to easily onboard logs to Splunk. To take advantage of GitHub Enterprise Server's built-in syslog, you can point GHES at a Splunk Connect for Syslog endpoint, which has built-in capability to parse GitHub Enterprise Server logs. Pairing that with the Splunk Add-On for GitHub will enable proper field extractions and field aliases.