Related Answers
Download topic as PDF
Source types for the Splunk Add-on for Google Cloud Platform
The Splunk Add-on for Google Cloud Platform (GCP) provides the index-time and search-time knowledge for Google Cloud Platform logs and billing data in the following formats:
| Source type | Description | CIM data models |
|---|---|---|
google:gsuite:pubsub:audit:auth
|
Data from Pub/Sub (GSuite Authentication Audit Logs) | Authentication |
google:gcp:pubsub:audit:auth
|
Data from Pub/Sub (GCP Authentication Audit Logs) | Authentication |
google:gcp:pubsub:message
|
Data from Pub/Sub | Authentication |
google:gcp:monitoring
|
Data from Cloud Monitor service | None |
google:gcp:billing:standard_usage_cost
|
Data from Standard Usage Cost reports | None |
google:gcp:billing:detailed_usage_cost
|
Data from Detailed Usage Cost reports | None |
google:gcp:billing:pricing
|
Data from Pricing Table reports | None |
google:gcp:buckets:accesslogs
|
Cloud Storage Bucket server access logs for a storage account | Change |
google:gcp:buckets:csvdata
|
CSV contents of objects present in the Cloud Storage Bucket | None |
google:gcp:buckets:data
|
Generic source type for the contents of other file extensions. For example, txt, avro, and parquet | None |
google:gcp:buckets:jsondata
|
JSON contents of objects present in the Cloud Storage Bucket | None |
google:gcp:buckets:metadata
|
Cloud Storage Bucket metadata | None |
google:gcp:buckets:xmldata
|
XML contents of objects present in the Cloud Storage Bucket | None |
| User defined | Modular input. See the REST API reference page for more information. | None |
Last modified on 07 April, 2022
|
PREVIOUS Splunk Add-on for Google Cloud Platform |
NEXT Release notes for the Splunk Add-on for Google Cloud Platform |
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Feedback submitted, thanks!