Splunk® Supported Add-ons

Splunk Add-on for Google Cloud Platform

Download manual as PDF

Download topic as PDF

Troubleshoot the Splunk Add-on for Google Cloud Platform

General troubleshooting

For troubleshooting tips that you can apply to all add-ons, see Troubleshoot add-ons in Splunk Add-ons. For additional resources, see Support and resource links for add-ons in Splunk Add-ons.

Data not showing up

If you are upgrading from a version of the Splunk Add-on for Google Cloud Platform earlier than 1.2.0, you must run the following upgrade script in order for your data to be properly sent.
# python {path_of_google_cloudplatform_addon}/bin/tools/migrate_pubsub_input.py

Accessing logs

You can access internal log data for help with troubleshooting. Data collected with these source types does not appear in any dashboards.

Data source Source type
Logs from splunk_ta_google_pubsub_main.log.

Logs from splunk_ta_google_pubsub_util.log.

google:gcp:pubsub:log
Logs from splunk_ta_google_cloudplatform_cloud_monitor_main.log

Logs from splunk_ta_google-cloudplatform_cloud_monitor_util.log

google:gcp:monitor:log
Logs from splunk_ta_google_billing.log google:gcp:billing:log
Logs from splunk_ta_google-cloudplatform_custom_rest.log google:gcp:custom_rest:log

Configure log levels

  1. Click Splunk Add-on for Google Cloud Platform in your left navigation bar on Splunk Web's home page.
  2. Click Configuration in the app navigation bar.
  3. Click the Logging tab.
  4. Adjust the log levels for each of the Google Cloud Platform services as needed by changing the default of INFO to one of the other available options, DEBUG or ERROR.
  5. (Optional) If you are using pub/sub, restart your Splunk instance to apply changes.

These log level configurations apply only to runtime logs. Some REST endpoint logs from configuration activity log at DEBUG, and some validation logs log at ERROR. These levels cannot be configured.

Large pub/sub subscriptions

For large pub/sub subscriptions, we recommend cloning existing inputs that are ingesting the same subscriptions to increase data throughput and performance. These identical inputs can be in the same instance or in different instances.

To manage a large number of subscriptions to one Splunk instance, aggregate subscriptions belonging to the same Google Cloud Service account into one input to save resources.

Exceed Request Limit

If you see any insufficient tokens for quota group errors such as the following, then you have exceeded the Google Cloud Monitoring request limit, which is 50000 per day. You should limit your request or apply for higher quota in Google:

<"Insufficient tokens for quota group and limit DefaultGroupCLIENT_PROJECT-1d using the limit by ID 342432.">
PREVIOUS
Configure Cloud Billing inputs for Splunk Add-on for Google Cloud Service
  NEXT
Performance reference for the Splunk Add-on for Google Cloud Platform

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters