All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

G Suite For Splunk

keithpachulski
Engager
‎05-08-2019 10:14 AM

On install of the g-suite app I am now receiving the following error on all of my dashboards:

"Eventtype 'gsuite_internal' does not exist or is disabled."

What do I need to do to correct this error?

0 Karma
Reply

pablobarquin
Explorer
‎03-12-2020 07:55 AM

Hello,

I have exactly the same issue. Weird thing is that Gsuite app is installed since looong time ago with no issues and suddenly this message is appearing in all user's searches/reports/dashboards.
The index we are using is googleapps so I have no idea why this is raising suddenly.
Any ideas?
Thanks!

0 Karma
Reply

vhharanpositka
Path Finder
‎06-27-2019 05:19 AM

Hi

Actually this error occurred based on the index that you integrate the g-suite data.
The default index will be the main index.

Check the eventtype googleapps which has the search string as (index=main sourcetype=GSuiteForSplunk:error OR sourcetype=gapps:*) OR index=googleapps

If the eventtype and the index is matched then that error will not occur.

Thanks

0 Karma
Reply

vhharanpositka
Path Finder
‎06-27-2019 05:19 AM

Hi

Actually this error occurred based on the index that you integrate the g-suite data.
The default index will be the main index.

Check the eventtype googleapps which has the search string as (index=main sourcetype=GSuiteForSplunk:error OR sourcetype=gapps:*) OR index=googleapps

If the eventtype and the index is matched then that error will not occur.

Thanks

0 Karma
Reply

tbrouwer
New Member
‎05-10-2019 02:48 PM

I have the same issue. Hoping someone can answer

0 Karma
Reply

vhharanpositka
Path Finder
‎06-27-2019 05:17 AM

Hi

Actually this error occurred based on the index that you integrate the g-suite data.
The default index will be the main index.

Check the eventtype googleapps which has the search string as (index=main sourcetype=GSuiteForSplunk:error OR sourcetype=gapps:*) OR index=googleapps

If the eventtype and the index is matched then that error will not occur.

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In March, the Splunk Threat Research Team had 2 releases of security content via the Enterprise Security ...

Join the Splunk Developer Program Hackathon: Splunk Build-a-thon!

The Splunk Developer Program is launching in beta, and we’re celebrating with an exciting hackathon! This is ...

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...
Top