- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm trying to run Google Apps for Splunk (https://splunkbase.splunk.com/app/2714/ ) in my new Splunk Enterprise 6.4 on AWS (I'm evaluating the product), but it doesn't seem to get the information as expected. I have followed all the steps in the documentation, but it always says "Waiting for data". The app's page says that it's for Splunk 6.2, so I don't know if I'm wasting my time trying to run it on 6.4 or not. I'm pretty new with Splunk, so probably I'm doing something wrong, but at least I would like to verify that it should work.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi! Developer here. A few things:
- Yes, 6.4 should work. I just haven't updated the splunkbase page yet.
- Make sure BOTH APIs are enabled ( I think documentation only has 1 listed - gotta update that - bad developer, bad) a. Admin SDK b. Apps Activity API
- Follow the OAuth authorization instructions. Make sure a credential was written to the
localfolder of the App. - You found me on Slack. Good Job! Go You! Welcome to the Splunk Community!
- Also you are on IRC! Yay!
- Contact me via Email/Slack/IRC with any questions, comments, rants, reviews, or weather conditions.
- Did you check
_internallogs? There are a few for this App. ( Methingsga.pyis one of them, but look at the sources in_internalto make sure). - Profit?
As always, upvote often, accept regularly, and always define your crane.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi! Developer here. A few things:
- Yes, 6.4 should work. I just haven't updated the splunkbase page yet.
- Make sure BOTH APIs are enabled ( I think documentation only has 1 listed - gotta update that - bad developer, bad) a. Admin SDK b. Apps Activity API
- Follow the OAuth authorization instructions. Make sure a credential was written to the
localfolder of the App. - You found me on Slack. Good Job! Go You! Welcome to the Splunk Community!
- Also you are on IRC! Yay!
- Contact me via Email/Slack/IRC with any questions, comments, rants, reviews, or weather conditions.
- Did you check
_internallogs? There are a few for this App. ( Methingsga.pyis one of them, but look at the sources in_internalto make sure). - Profit?
As always, upvote often, accept regularly, and always define your crane.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I didn't have the "Apps Activity API" permission added to my token.
I added it and now it works like a charm. Many thanks 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've used the App successfully on 6.3.3 (haven't tried it on 6.4 yet), so I was wondering if you could go into a couple details for me like:
Did you go through the configuration process for the oAuth token and did it work successfully (aka you should be able to find the oAuth token file in the App folder on the disk)?
Is the index you've told Splunk & the App to store that info in getting any data at all? If so, just double check it is set as one of your "default" search indexes since I don't believe that app's queries use any specific index identifier.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You are correct on SplunkBase the Google Apps For Splunk is only rated for Splunk Enterprise 6.2. I would reach out to the developer via the Splunkbase page:
https://splunkbase.splunk.com/app/2714/
and click on the Contact Developer button. Ask them if they are making a version for 6.4.
