Splunk® Supported Add-ons

Splunk Add-on for Google Cloud Platform

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Set up the Add-on for Google Cloud Platform

You can configure the add-on either through Splunk Web or by making changes directly in the configuration files. Due to the complexity of the setup, configure the add-on in Splunk Web.

Configure the Splunk Add-on for Google Cloud Platform using Splunk Web

To configure the Splunk Add-on for Google Cloud Platform using Splunk Web, complete the following steps:

  1. Go to the Splunk Add-on for Google Cloud Platform configuration page, either by clicking the name of the add-on on the left navigation banner on the home page, or by going to Manage Apps, and then clicking Launch App in the row of Splunk Add-on for Google Cloud Platform.
  2. If you are upgrading the Splunk Add-on for Google Cloud Platform, you must will have to bump the add-on, by performing the following steps.
    1. Navigate to http://hostname:8000/en-{country-code}/_bump. For example, https://10.202.12.1:8000/en-US/_bump
    2. Click Bump Version to load the latest Javascript configurations from the add-on.
  3. Click Configuration to set up Google credentials, proxy, and logging level.
  4. Click Google Credentials, enter a name, and paste the Google Service Account JSON object you created in Create a service account in the Google Service Account Credentials field.
  5. If you are using a proxy, click Enable Proxy and fill in the fields to specify the Host, Port, Username, and Password.
  6. (Optional) If you checked Enable Proxy, check the DNS resolution box if you want to perform DNS resolution through your proxy.
  7. (Optional) If you checked Enable Proxy, select the type of proxy to use in the Proxy Type field.
    • Proxy types supported in version 3.0.0 of the Splunk Add-on for Google Cloud Platform are http, socks4 and socks5.
  8. (Optional) If you want to change the Logging level, select a new level from the drop down menu.
  9. Click Save.

Set up the add-on using configuration files

Configure credentials of the Splunk Add-on for Google Cloud Platform by completing the following steps:

  1. Create a file named google_credentials.conf under $SPLUNK_HOME/etc/apps/Splunk_TA_google-cloudplatform/local.
  2. Create a stanza in google_credentials.conf using the following template:
    [<name>]
    google_credentials = <value> # Google service account key that is in json format and can be downloaded from Google admin console.
    
    • You can add multiple Google credentials in google_credentials.conf. You need to remove all the line breaks in the JSON file to make it in one line, and then paste it to google_credentials.conf.</note>

    For example, remove the line breaks in the following JSON file:

    {
      "type": "service_account",
      "project_id": "my-project",
      "private_key_id": "32a3be8f2f0dcfe967ea558e486deaereacfas0c2497e",
    }
    

    Then, paste the following into the google_credentials.conf file:

    
      google_credentials={"type": "service_account","project_id": "my-project","private_key_id": "32a3be8f2f0dcfe967ea558e486deaereacfas0c2497e",}
    

Configure proxy and logging levels of the Splunk Add-on for Google Cloud Platform

Configure proxy and logging levels of the Splunk Add-on for Google Cloud Platform by completing the following steps:

  1. Copy the google_global_settings.conf file from $SPLUNK_HOME/etc/apps/Splunk_TA_google-cloudplatform/default to $SPLUNK_HOME/etc/apps/Splunk_TA_google-cloudplatform/local.
  2. Open the local version of the file in a text editor.
  3. Provide the necessary values and change default values as you see fit.
    • Enable the proxy by setting proxy_enabled to 1.
    • Change the proxy_type to socks4, or socks5 if necessary.
    • Change the proxy_rdns to 1 if you want the DNS lookup to go through the proxy. Leave it at 0 if you want to use the local machine to do a DNS lookup.
    • Change loglevel to DEBUG or ERROR if desired.
    • If you want the Splunk platform to index only the events when the scan is completed successfully, skipping those that were aborted or are still running, change index_events_for_unsuccessful_scans to 0. This parameter is not exposed in Splunk Web.

After updating google_global_settings.conf, restart the Splunk platform in order to make the changes and encrypt the proxy username and password.

Last modified on 08 September, 2021
PREVIOUS
Configure the Google Cloud Platform service permissions
  NEXT
Configure Cloud Pub/Sub inputs for Splunk Add-on for Google Cloud Platform

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters