I installed GSuite App on Splunk 8.0.4.1 and configured input etc.
* Before I installed old versions GSuite App on Splunk 8.0 but didn't work it .
then deleted old version and setting and installed from scratch after support both versions.
But I cannot get user information / Gmail information on current version.
I could get below information.
Do you know any advice for get user and another information?
(Or if you know any documentation,website for setup include GSuite side, please let me know.)
I could get information when I used old version of GSuite App.
- Source information which is I can get now.
gapps:report:drive
gapps:report:calendar
gapps:report:mobile
gapps:report:groups:modular_input_result
gapps:report:mobile:modular_input_result
GSuiteForSplunk:error
gapps:report:admin:modular_input_result
gapps:report:calendar:modular_input_result
gapps:report:[all:modular_input_result
-Service Settings.
report:all,report:access_transparency,report:admin,report:calendar,report:drive,report:token,report:gcp,report:meet,report:mobile,report:groups,report:groups_enterprise,report:login,report:user_accounts,report:gplus,report:saml,admin:users,usage:chrome,usage:user
- Error
In "GSuiteForSplunk:error", It logged "HttpError 503 when requesting https://www.googleapis.com/discovery/v1/apis/drive/v3/rest returned "Backend Error""
Thank you for your reply.
Looks strange but after 1-2 weeks, started to display information.
Maybe Splunk didn't get enough information from G-Suite.
Not a direct answer to your question, but it might be worth looking at this recently published blog on how to send GSuite logs to HEC (through Google Cloud Platform pub/sub methods): https://www.splunk.com/en_us/blog/partners/google-gsuite-to-splunk-hec-configuration.html
Thank you for your reply.
Looks strange but after 1-2 weeks, started to display information.
Maybe Splunk didn't get enough information from G-Suite.