Splunk® Supported Add-ons

Splunk Add-on for Google Cloud Platform

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Release history for the Splunk Add-on for Google Cloud Platform

Latest release

The latest version of the Splunk Add-on for Google Cloud Platform is version 4.0.0. See Release notes for the Splunk Add-on for Google Cloud Platform for the release notes of this latest version.

Version 3.2.0

Version 3.2.0 of the Splunk Add-on for Google Cloud Platform was released on April 5, 2022.

About this release

Version 3.2.0 of the Splunk Add-on for Google Cloud Platform is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.0.x, 8.1.x, 8.2.x
CIM 4.20
Platforms Platform independent
Vendor Products Google Cloud Pub/Sub
Google Cloud CloudMonitor service
Google Cloud BigQuery Billing
Google Cloud Storage
Compute Engine

New features

Version 3.2.0 of the Splunk Add-on for Google Cloud Platform contains the following new features.

  • Added support for the Google Cloud BigQuery Billing input through the following sourcetypes:
    • google:gcp:billing:standard_usage_cost
    • google:gcp:billing:detailed_usage_cost
    • google:gcp:billing:pricing

    Previously billing data was ingested in the google:gcp:billing:report sourcetype.

    Google has deprecated regular file export of your Cloud Billing data to CSV and JSON. To export your Cloud Billing data for analysis, use Cloud Billing export to BigQuery.

    To ingest Cloud BigQuery Billing data, you must delete your existing billing inputs before you upgrade to versions 3.2.0 and later of this add-on. After upgrading, you can then recreate your billing inputs.
    See the Configure Cloud BigQuery Billing inputs for the Splunk Add-on for Google Cloud Service topic in this manual.

Fixed issues

Version 3.2.0 of the Splunk Add-on for Google Cloud Platform fixes the following issues:

Date resolved Issue number Description
2022-03-18 ADDON-28986 Google Cloud Platform TA for Splunk doesn't ingest Storage Bucket Data past 250MB
2022-03-08 ADDON-32127 Google Cloud Platform add-on retrieving bucket data cannot retrieve data once 1000+ files are already in bucket

Known issues

Version 3.2.0 of the Splunk Add-on for Google Cloud Platform contains the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2022-08-30 ADDON-55365 Input configuration is not working with proxy
2022-08-29 ADDON-55311 Data collection for Cloud Storage Bucket input with Proxy is not working when Splunk machine's internet turned off
2022-08-22 ADDON-54994 Splunk Add-on for Google Cloud Platform not parsing data via Proxy
2022-08-22 ADDON-54996 GCP - socket.timeout: timed
2022-08-11 ADDON-54797 Unable to ingest data for the sourcetype
2022-08-08 ADDON-54627 Splunk Add-On for Google CloudPlatform not showing all Projects
2022-07-21 ADDON-54061 Splunk Add-on for Google Cloud Platform does not properly ingest json data in a storage bucket.
2022-06-21 ADDON-53023 Splunk not parsing CSV with comma in text field
2022-04-16 ADDON-50663, ADDON-53628 GCP 3.2.0 does not work with very high Storage Buckets and if there are many files in the bucket.

Third-party software attributions

Version 3.2.0 of the Splunk Add-on for Google Cloud Platform incorporates the following third-party software or libraries:

Third-party software attributions for the Splunk Add-on for Google Cloud Platform

Version 3.1.1

Version 3.1.1 of the Splunk Add-on for Google Cloud Platform was released on September 8, 2021.

About this release

Version 3.1.1 of the Splunk Add-on for Google Cloud Platform is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.0.x, 8.1.x, 8.2.x
CIM 4.18
Platforms Platform independent
Vendor Products Google Cloud Pub/Sub
Google Cloud CloudMonitor service
Google Cloud Billing (Deprecated)
Google Cloud Storage
Compute Engine

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 3.1.1 of the Splunk Add-on for Google Cloud Platform contains the following new features.

  • Added native support for Cloud Storage - Usage log format.

    Previously this data was ingested in the generic google:gcp:buckets:*data sourcetype.

  • UI component upgrades for compatibility with future versions of the Splunk software (jQuery removal).
  • The billing API used to fetch billing data is now deprecated. Users won't be able to ingest billing data using the billing input.
  • Self-Service restart fix. Rolling restarts have been eliminated.
  • The sourcetype: google:gcp:buckets:accesslogs, which has been configured to work with the Change data model in the Common Information Model (CIM).
  • Improved CIM support for storage access events.

See Choose your Splunk Enterprise upgrade path for the Python 3 migration to learn more about migrating your deployment to Python3.

Fixed issues

Version 3.1.1 of the Splunk Add-on for Google Cloud Platform fixes the following issues:

Date resolved Issue number Description
2021-08-19 ADDON-39648 Splunk Add-on for Google Cloud Platform 3.0.2 throwing many script errors
2020-07-24 ADDON-27084 GCP add-on retrieving bucket data is unable to correctly event break data

Known issues

Version 3.1.1 of the Splunk Add-on for Google Cloud Platform contains the following known issues. If no issues appear below, no issues have yet been reported:


Third-party software attributions

Version 3.1.1 of the Splunk Add-on for Google Cloud Platform incorporates the following third-party software or libraries:

Version 3.0.2

Version 3.0.2 of the Splunk Add-on for Google Cloud Platform was released on July 22, 2020.

About this release

Version 3.0.2 of the Splunk Add-on for Google Cloud Platform is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.0.x ,7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM 4.16
Platforms Platform independent
Vendor Products Google Cloud Pub/Sub
Google Cloud CloudMonitor service
Google Cloud Billing
Google Cloud Storage
Compute Engine

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 3.0.2 of the Splunk Add-on for Google Cloud Platform contains the following new features.

  • Increased Assets and Identities CIM data model compatibility
  • Increased Network Traffic CIM data model compatibility

See Choose your Splunk Enterprise upgrade path for the Python 3 migration to learn more about migrating your deployment to Python3.

Fixed issues

Version 3.0.2 of the Splunk Add-on for Google Cloud Platform fixes the following issues:


Known issues

Version 3.0.2 of the Splunk Add-on for Google Cloud Platform contains the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2021-07-22 ADDON-39648 Splunk Add-on for Google Cloud Platform 3.0.2 throwing many script errors
2020-12-29 ADDON-32127 Google Cloud Platform add-on retrieving bucket data cannot retrieve data once 1000+ files are already in bucket

Third-party software attributions

Version 3.0.2 of the Splunk Add-on for Google Cloud Platform incorporates the following third-party software or libraries:

Version 3.0.0

Version 3.0.0 of the Splunk Add-on for Google Cloud Platform was released on March 4, 2020.

About this release

Version 3.0.0 of the Splunk Add-on for Google Cloud Platform is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.0.x ,7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM None
Platforms Platform independent
Vendor Products Google Cloud Pub/Sub
Google Cloud CloudMonitor service
Google Cloud Billing
Google Cloud Storage
Compute Engine

New features

Version 3.0.0 of the Splunk Add-on for Google Cloud Platform contains the following new features.

  • Support for GCP resource metadata collection. Collect resource metadata to track configurations across deployments and compare them, and administer large deployments in GCP securely.
    • Users can assign sourcetype while configuring an input from the Inputs page.
    • See the REST API reference page to see the Cloud Resource Metadata APIs.
  • Support for the GCP Google Cloud Storage input.
    • Support to ingest data directly from GCS buckets and bucket metadata of the selected buckets.
    • Support for the following file formats: XML, CSV, JSON, TEXT
  • Support for the following sourcetypes, introduced as part of the Cloud Storage Bucket input:
    • google:gcp:buckets:metadata
    • google:gcp:buckets:csvdata
    • google:gcp:buckets:jsondata
    • google:gcp:buckets:xmldata
    • google:gcp:buckets:data

See Choose your Splunk Enterprise upgrade path for the Python 3 migration to learn more about migrating your deployment to Python3.

Fixed issues

Version 3.0.0 of the Splunk Add-on for Google Cloud Platform fixes the following issues:

Date resolved Issue number Description
2020-01-28 ADDON-24913, ADDON-24925 Missing UI Validations for GCP inputs Resource metadata and Storage Bucket

Known issues

Version 3.0.0 of the Splunk Add-on for Google Cloud Platform contains the following known issues. If no issues appear below, no issues have yet been reported:

Date filed Issue number Description
2020-06-12 ADDON-27084 GCP add-on retrieving bucket data is unable to correctly event break data
2019-10-16 ADDON-23971 HttpError 429 Too Many Requests Error
2018-08-21 ADDON-19157 Host field for google_cloud_monitor sourcetype is showing None value
2017-02-21 ADDON-13693, ADDON-11310, ADDON-13694 Fresh install GCP creates passwords.conf under local folder
2016-08-02 ADDON-10816 If the billing file contains Unicode, the file will not be ingested to Splunk.

Third-party software attributions

Version 3.0.0 of the Splunk Add-on for Google Cloud Platform incorporates the following third-party software or libraries:


Version 2.0.0

Version 2.0.0 of the Splunk Add-on for Google Cloud Platform was released on October 21, 2019.

About this release

Version 2.0.0 of the Splunk Add-on for Google Cloud Platform is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.0.x ,7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM None
Platforms Platform independent
Vendor Products Google Cloud Pub/Sub
Google Cloud Monitor
Google Cloud Billing

New features

Version 2.0.0 of the Splunk Add-on for Google Cloud Platform contains the following new features.

  • Support for Python 3

See Choose your Splunk Enterprise upgrade path for the Python 3 migration to learn more about migrating your deployment to Python3.

Fixed issues

Version 2.0.0 of the Splunk Add-on for Google Cloud Platform fixes the following issues:

Date resolved Issue number Description
2019-09-27 ADDON-23342 Special characters are allowed in the Inputs as well as Google credentials name.
2019-09-27 ADDON-23319 Add-on's UI break when input name consists of "Test container"
2019-08-29 ADDON-22617 Missing Pub/Sub in GCP add-on UI

Known issues

Version 2.0.0 of the Splunk Add-on for Google Cloud Platform contains the following known issues. If no issues appear below, no issues have yet been reported:

Date filed Issue number Description
2020-01-22 ADDON-24913, ADDON-24925 Missing UI Validations for GCP inputs Resource metadata and Storage Bucket
2019-10-16 ADDON-23971 HttpError 429 Too Many Requests Error
2018-08-22 ADDON-19166 In proxy configuration screen password does not get blank even after splunk restart or transiting from one screen to another
2018-08-21 ADDON-19157 Host field for google_cloud_monitor sourcetype is showing None value
2017-02-21 ADDON-13693, ADDON-11310, ADDON-13694 Fresh install GCP creates passwords.conf under local folder
2016-08-02 ADDON-10816 If the billing file contains Unicode, the file will not be ingested to Splunk.

Third-party software attributions

Version 2.0.0 of the Splunk Add-on for Google Cloud Platform incorporates the following third-party software or libraries:


Version 1.2.0

Version 1.2.0 of the Splunk Add-on for Google Cloud Platform is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.6 or later
CIM None
Platforms Platform independent
Vendor Products Google Cloud Pub/Sub
Google Cloud Monitor
Google Cloud Billing

New features

Version 1.2.0 of the Splunk Add-on for Google Cloud Platform contains the following new and changed features.

  • Optimized Cloud pub/sub inputs to ingest metadata of events
    • The following is an example of the new event format.
{
	publish_time: 1510876651
	message: {
		id: 172600725985922
		data: "foo,bar"
		attributes: {
			key1: xxx,
			key2: xxx
		}
	}
}
  • Migration tool for upgrading versions
  • Renamed sourcetypes and sources
    • Changed google:pubsub to google:gcp:pubsub:message
    • Changed google:billing:csv to google:gcp:billing:report
    • Changed google:billing:json to google:gcp:billing:report
    • Changed google:cloudmonitor to google:gcp:monitoring
  • Source change of billing
    • Change from {file_name} to URI https://storage.cloud.google.com/{bucket_name}/{file_name}
  • Source change of pubsub
    • Change from {project_name}:{subscription_name} to projects/{project_name}/subscriptions/{subscription_name}
  • Proxy type http_no_tunnel is no longer supported

Fixed issues

Version 1.2.0 of the Splunk Add-on for Google Cloud Platform fixes the following issues.

Date resolved Issue number Description
2018-01-05 ADDON-13638 Windows: Unable to initialize 'google_pubsub' on Splunk platform 6.5.1
2017-11-29 ADDON-15445 Pubsub modular inputs process gets orphaned when restarting splunk.
2016-10-18 ADDON-10105 Add-On for Google Cloud Platform appears to be dropping 2/3 of events

Known issues

Version 1.2.0 of the Splunk Add-on for Google Cloud Platform contains the following known issues.

Date filed Issue number Description
2018-08-21 ADDON-19157 Host field for google_cloud_monitor sourcetype is showing None value
2018-08-03 ADDON-18990 Disabled input is reenabled by refreshing/reloading the browser page
2018-06-19 ADDON-18474 Not respecting proxy configuration
2017-02-21 ADDON-13693, ADDON-11310, ADDON-13694 Fresh install GCP creates passwords.conf under local folder
2016-08-02 ADDON-10816 If the billing file contains Unicode, the file will not be ingested to Splunk.
2016-03-06 ADDON-8185 need better error message when daily limit hit in GUI

Third-party software attributions

Version 1.2.0 of the Splunk Add-on for Google Cloud Platform does not incorporate any third-party software or libraries.


Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Google Cloud Platform has the same compatibility specifications as version 1.1.0.

Fixed issues

Version 1.1.0 of the Splunk Add-on for Google Cloud Platform fixes the following issues.


Known Issues

Version 1.1.0 of the Splunk Add-on for Google Cloud Platform has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2016-12-14 ADDON-12738 This add-on cannot get the credential account information of the pub/sub input if the name contains space character.
2016-11-22 ADDON-12306 If one of the pub/sub input is configured with invalid project, all the other inputs of this channel cannot get data successfully.
2016-11-09 ADDON-12012 This add-on makes request to Google even there is no input configured.
2016-10-09 ADDON-11521 Splunk 6.3 failed to delete account
2016-09-02 ADDON-11144, ADDON-12663 Pub/Sub subscriptions can only list the first 100 subscriptions in GUI.
2016-08-31 ADDON-11094 This add-on only lists the first 1000 projects in the Pub/Sub subscriptions (if you have more than 1000 projects in Google Pub/Sub channel).
2016-08-02 ADDON-10816 If the billing file contains Unicode, the file will not be ingested to Splunk.
2016-08-02 ADDON-10820, ADDON-9688, ADDON-12405 UI display issues with Splunk version 6.4.0

Third-party software attributions

Version 1.1.0 of the Splunk Add-on for Google Cloud Platform does not incorporate any third-party software or libraries.

Last modified on 29 September, 2022
PREVIOUS
Release notes for the Splunk Add-on for Google Cloud Platform
  NEXT
Hardware and software requirements for the Splunk Add-on for Google Cloud Platform

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters