Give me advice for setting up the GSuite app.

gontatata
Explorer

I installed the GSuite App on Splunk 8.0.4.1 and configured input etc.
* Before, I installed old versions of the GSuite App on Splunk 8.0, but it didn't work.
   Then I deleted the old version and settings and installed from scratch after support both versions.

But I cannot get user information / Gmail information on the current version.
I could get the information below.

Do you have any advice for getting user and other information?
(Or if you know of any documentation or website for setup, including the GSuite side, please let me know.)
I could get the information when I used the old version of the GSuite App.

- Source information which I can get now.
gapps:report:drive
gapps:report:calendar
gapps:report:mobile
gapps:report:groups:modular_input_result
gapps:report:mobile:modular_input_result
GSuiteForSplunk:error
gapps:report:admin:modular_input_result
gapps:report:calendar:modular_input_result
gapps:report:[all:modular_input_result

- Service Settings.
report:all,report:access_transparency,report:admin,report:calendar,report:drive,report:token,report:gcp,report:meet,report:mobile,report:groups,report:groups_enterprise,report:login,report:user_accounts,report:gplus,report:saml,admin:users,usage:chrome,usage:user

- Error
In "GSuiteForSplunk:error", it logged "HttpError 503 when requesting https://www.googleapis.com/discovery/v1/apis/drive/v3/rest returned "Backend Error""

FrankVl
Ultra Champion

Not a direct answer to your question, but it might be worth looking at this recently published blog on how to send GSuite logs to HEC (through Google Cloud Platform pub/sub methods): https://www.splunk.com/en_us/blog/partners/google-gsuite-to-splunk-hec-configuration.html

gontatata
Explorer

Thank you for your reply.

It looks strange, but after 1-2 weeks it started to display information.

Maybe Splunk didn't get enough information from G-Suite.
