Related Answers
Download topic as PDF
Source types for the Splunk Add-on for Google Cloud Platform
The Splunk Add-on for Google Cloud Platform (GCP) provides the index-time and search-time knowledge for Google Cloud Platform logs and billing data in the following formats:
| Source type | Description | CIM data models |
|---|---|---|
google:gsuite:pubsub:audit:auth
|
Data from Pub/Sub. GSuite Authentication Audit Logs | Authentication |
google:gcp:pubsub:audit:auth
|
Data from Pub/Sub. GCP Authentication Audit Logs | Authentication |
google:gcp:pubsub:message
|
Data from Pub/Sub | Authentication |
google:gcp:monitoring
|
Data from Cloud Monitor service | None |
google:gcp:billing:report
|
CSV format billing reports that you have configured in Google Cloud Billing | None |
google:gcp:billing:report
|
JSON format billing reports that you have configured in Google Cloud Billing | None |
google:gcp:buckets:metadata
|
Cloud Storage Bucket metadata | None |
google:gcp:buckets:csvdata
|
CSV contents of objects present in the Cloud Storage Bucket | None |
google:gcp:buckets:jsondata
|
JSON contents of objects present in the Cloud Storage Bucket | None |
google:gcp:buckets:xmldata
|
XML contents of objects present in the Cloud Storage Bucket | None |
google:gcp:buckets:data
|
Generic sourcetype for the contents of other file extentions. For example, txt, avro, and parquet | None |
| User defined | Modular input. See the REST API reference page for more information. | None |
Last modified on 23 July, 2020
|
PREVIOUS Splunk Add-on for Google Cloud Platform |
NEXT Release notes for the Splunk Add-on for Google Cloud Platform |
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Feedback submitted, thanks!