Splunk® Supported Add-ons

Splunk Add-on for Google Cloud Platform

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for Google Cloud Platform

The Splunk Add-on for Google Cloud Platform (GCP) provides the index-time and search-time knowledge for Google Cloud Platform logs and billing data in the following formats:

To better align with the Google Cloud Platform, and to provide a better understanding of the data coming from the cloud, the 4.0.0 release of the Splunk Add-on for Google Cloud Platform contains improvements to sourcetyping that affect the google:gcp:pubsub:audit:auth, google:gcp:pubsub:audit:change, and google:gcp:pubsub:message source types. These improvements provide more granular sourcetyping on incoming data from your GCP deployment, enhancing your ability to investigate and simplifying the development of dashboards in Splunk that use GCP data. Upgrading to version 4.0.0 or higher will cause any inline searches, pivots, or reports that use these source types to not work for the GCP data that is being ingested after upgrading to version 4.0.0 of this add-on. To ensure continuity of searches and reports on GCP data coming in after the upgrade to version 4.0.0 or later, review and perform the steps contained in the Upgrade the Splunk Add-on for Google Cloud Platform topic in this manual.

Source type Description CIM data models
google:gsuite:pubsub:audit:auth Data from Pub/Sub (GSuite Authentication Audit Logs) Authentication
google:gcp:pubsub:audit:data_access Data from Pub/Sub (GCP Authentication Audit Logs) Authentication
google:gcp:pubsub:audit:admin_activity Data from Pub/Sub Change
google:gcp:pubsub:audit:system_event Data from Pub/Sub Change
google:gcp:pubsub:audit:policy_denied Data from Pub/Sub
google:gcp:pubsub:access_transparency Data from Pub/Sub
google:gcp:pubsub:audit:auth Data from Pub/Sub (GCP Authentication Audit Logs) Authentication
google:gcp:pubsub:message Data from Pub/Sub Authentication
google:gcp:monitoring Data from Cloud Monitor service None
google:gcp:billing:standard_usage_cost Data from Standard Usage Cost reports None
google:gcp:billing:detailed_usage_cost Data from Detailed Usage Cost reports None
google:gcp:billing:pricing Data from Pricing Table reports None
google:gcp:buckets:accesslogs Cloud Storage Bucket server access logs for a storage account Change
google:gcp:buckets:csvdata CSV contents of objects present in the Cloud Storage Bucket None
google:gcp:buckets:data Generic source type for the contents of other file extensions. For example, txt, avro, and parquet None
google:gcp:buckets:jsondata JSON contents of objects present in the Cloud Storage Bucket None
google:gcp:buckets:metadata Cloud Storage Bucket metadata None
google:gcp:resource:metadata Resource Metadata of Compute Engine, Cloud Storage, Kubernetes and VPC Access None
google:gcp:buckets:xmldata XML contents of objects present in the Cloud Storage Bucket None
User defined Modular input. See the REST API reference page for more information. None
Last modified on 19 January, 2023
PREVIOUS
Splunk Add-on for Google Cloud Platform
  NEXT
Release notes for the Splunk Add-on for Google Cloud Platform

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters