All Apps and Add-ons

Google Apps for Splunk: Why am I always seeing "Waiting for data..." in Splunk Enterprise 6.4?

jselvi
Explorer

I'm trying to run Google Apps for Splunk (https://splunkbase.splunk.com/app/2714/ ) in my new Splunk Enterprise 6.4 on AWS (I'm evaluating the product), but it doesn't seem to get the information as expected. I have followed all the steps in the documentation, but it always says "Waiting for data". The app's page says that it's for Splunk 6.2, so I don't know if I'm wasting my time trying to run it on 6.4 or not. I'm pretty new with Splunk, so probably I'm doing something wrong, but at least I would like to verify that it should work.

0 Karma
1 Solution

alacercogitatus
SplunkTrust
SplunkTrust

Hi! Developer here. A few things:

  1. Yes, 6.4 should work. I just haven't updated the splunkbase page yet.
  2. Make sure BOTH APIs are enabled ( I think documentation only has 1 listed - gotta update that - bad developer, bad) a. Admin SDK b. Apps Activity API
  3. Follow the OAuth authorization instructions. Make sure a credential was written to the local folder of the App.
  4. You found me on Slack. Good Job! Go You! Welcome to the Splunk Community!
  5. Also you are on IRC! Yay!
  6. Contact me via Email/Slack/IRC with any questions, comments, rants, reviews, or weather conditions.
  7. Did you check _internal logs? There are a few for this App. ( Methings ga.py is one of them, but look at the sources in _internal to make sure).
  8. Profit?

As always, upvote often, accept regularly, and always define your crane.

View solution in original post

alacercogitatus
SplunkTrust
SplunkTrust

Hi! Developer here. A few things:

  1. Yes, 6.4 should work. I just haven't updated the splunkbase page yet.
  2. Make sure BOTH APIs are enabled ( I think documentation only has 1 listed - gotta update that - bad developer, bad) a. Admin SDK b. Apps Activity API
  3. Follow the OAuth authorization instructions. Make sure a credential was written to the local folder of the App.
  4. You found me on Slack. Good Job! Go You! Welcome to the Splunk Community!
  5. Also you are on IRC! Yay!
  6. Contact me via Email/Slack/IRC with any questions, comments, rants, reviews, or weather conditions.
  7. Did you check _internal logs? There are a few for this App. ( Methings ga.py is one of them, but look at the sources in _internal to make sure).
  8. Profit?

As always, upvote often, accept regularly, and always define your crane.

jselvi
Explorer

I didn't have the "Apps Activity API" permission added to my token.
I added it and now it works like a charm. Many thanks 🙂

goodsellt
Contributor

I've used the App successfully on 6.3.3 (haven't tried it on 6.4 yet), so I was wondering if you could go into a couple details for me like:

Did you go through the configuration process for the oAuth token and did it work successfully (aka you should be able to find the oAuth token file in the App folder on the disk)?

Is the index you've told Splunk & the App to store that info in getting any data at all? If so, just double check it is set as one of your "default" search indexes since I don't believe that app's queries use any specific index identifier.

0 Karma

dgrubb_splunk
Splunk Employee
Splunk Employee

You are correct on SplunkBase the Google Apps For Splunk is only rated for Splunk Enterprise 6.2. I would reach out to the developer via the Splunkbase page:

https://splunkbase.splunk.com/app/2714/

and click on the Contact Developer button. Ask them if they are making a version for 6.4.

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...