Splunk® Supported Add-ons

Splunk Add-on for Google Cloud Platform

Download manual as PDF

Download topic as PDF

Set up the Add-on for Google Cloud Platform

You can configure the add-on either through Splunk Web or by making changes directly in the configuration files. Due to the complexity of the setup, configure the add-on in Splunk Web.

Configure the Splunk Add-on for Google Cloud Platform using Splunk Web

To configure the Splunk Add-on for Google Cloud Platform using Splunk Web, complete the following steps:

  1. Go to the Splunk Add-on for Google Cloud Platform configuration page, either by clicking the name of the add-on on the left navigation banner on the home page, or by going to Manage Apps, and then clicking Launch App in the row of Splunk Add-on for Google Cloud Platform.
  2. Click Configuration to set up Google credentials, proxy, and logging level.
  3. Click Google Credentials, enter a name, and paste the Google Service Account JSON object you created in Create a service account in the Google Service Account Credentials field.
  4. If you are using a proxy, click Enable Proxy and fill in the fields to specify the Host, Port, Username, and Password.
  5. (Optional) If you checked Enable Proxy, check the DNS resolution box if you want to perform DNS resolution through your proxy.
  6. (Optional) If you checked Enable Proxy, select the type of proxy to use in the Proxy Type field.
    • Proxy types supported in version 1.3.0 of the Splunk Add-on for Google Cloud Platform are socks4 and socks5.
  7. (Optional) If you want to change the Logging level, select a new level from the drop down menu.
  8. Click Save.

Set up the add-on using configuration files

Configure credentials of the Splunk Add-on for Google Cloud Platform by completing the following steps:

  1. Create a file named google_credentials.conf under $SPLUNK_HOME/etc/apps/Splunk_TA_google-cloudplatform/local.
  2. Create a stanza in google_credentials.conf using the following template:
    [<name>]
    google_credentials = <value> # Google service account key that is in json format and can be downloaded from Google admin console.
    
    • You can add multiple Google credentials in google_credentials.conf. You need to remove all the line breaks in the JSON file to make it in one line, and then paste it to google_credentials.conf.</note>

    For example, remove the line breaks in the following JSON file:

    {
      "type": "service_account",
      "project_id": "my-project",
      "private_key_id": "32a3be8f2f0dcfe967ea558e486deaereacfas0c2497e",
    }
    

    Then, paste the following into the google_credentials.conf file:

    
      google_credentials={"type": "service_account","project_id": "my-project","private_key_id": "32a3be8f2f0dcfe967ea558e486deaereacfas0c2497e",}
    

Configure proxy and logging levels of the Splunk Add-on for Google Cloud Platform

Configure proxy and logging levels of the Splunk Add-on for Google Cloud Platform by completing the following steps:

  1. Copy the google_global_settings.conf file from $SPLUNK_HOME/etc/apps/Splunk_TA_google-cloudplatform/default to $SPLUNK_HOME/etc/apps/Splunk_TA_google-cloudplatform/local.
  2. Open the local version of the file in a text editor.
  3. Provide the necessary values and change default values as you see fit.
    • Enable the proxy by setting proxy_enabled to 1.
    • Change the proxy_type to socks4, or socks5 if necessary.
    • Change the proxy_rdns to 1 if you want the DNS lookup to go through the proxy. Leave it at 0 if you want to use the local machine to do a DNS lookup.
    • Change loglevel to DEBUG or ERROR if desired.
    • If you want the Splunk platform to index only the events when the scan is completed successfully, skipping those that were aborted or are still running, change index_events_for_unsuccessful_scans to 0. This parameter is not exposed in Splunk Web.

After updating google_global_settings.conf, restart the Splunk platform in order to make the changes and encrypt the proxy username and password.

PREVIOUS
Configure the Google Cloud Platform service permissions
  NEXT
Configure Cloud Pub/Sub inputs for Splunk Add-on for Google Cloud Platform

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters