G Suite For Splunk

keithpachulski · ‎05-08-2019

On install of the g-suite app I am now receiving the following error on all of my dashboards:

"Eventtype 'gsuite_internal' does not exist or is disabled."

What do I need to do to correct this error?

pablobarquin · ‎03-12-2020

Hello,

I have exactly the same issue. Weird thing is that Gsuite app is installed since looong time ago with no issues and suddenly this message is appearing in all user's searches/reports/dashboards.
The index we are using is googleapps so I have no idea why this is raising suddenly.
Any ideas?
Thanks!

vhharanpositka · ‎06-27-2019

Hi

Actually this error occurred based on the index that you integrate the g-suite data.
The default index will be the main index.

Check the eventtype googleapps which has the search string as (index=main sourcetype=GSuiteForSplunk:error OR sourcetype=gapps:*) OR index=googleapps

If the eventtype and the index is matched then that error will not occur.

Thanks

vhharanpositka · ‎06-27-2019

Hi

Actually this error occurred based on the index that you integrate the g-suite data.
The default index will be the main index.

Check the eventtype googleapps which has the search string as (index=main sourcetype=GSuiteForSplunk:error OR sourcetype=gapps:*) OR index=googleapps

If the eventtype and the index is matched then that error will not occur.

Thanks

tbrouwer · ‎05-10-2019

I have the same issue. Hoping someone can answer

vhharanpositka · ‎06-27-2019

Hi

Actually this error occurred based on the index that you integrate the g-suite data.
The default index will be the main index.

Check the eventtype googleapps which has the search string as (index=main sourcetype=GSuiteForSplunk:error OR sourcetype=gapps:*) OR index=googleapps

If the eventtype and the index is matched then that error will not occur.

Thanks

G Suite For Splunk

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout