All Apps and Add-ons

Splunk Add-on for Google Cloud Platform: How is the data coming?

alanzchan
Path Finder

I recently installed and configured this TA. For the configurations portion, only a JSON key from a GCP service account is needed; Splunk will then automatically scan for GCP projects and subscriptions. After selecting the desired project and subscriptions, Splunk is indexing data.

How exactly does this work? I was expecting there would be some firewall rules/ports that need to be configured before external data could be indexed.

0 Karma
1 Solution

timonix
Explorer

It is utilizing publically accessible GCP API and a service account with permissions to access that API setup on the desired project.

View solution in original post

0 Karma

sathwikr076
Communicator

@alanzchan can you please let me know where did you do all these configuration on search head or on indexer.

Thanks.

0 Karma

tyron_
Explorer

You should log this as a new question. But the answer is: neither. You should install the add-on on the heavy forwarders for data collection. Please refer to: https://docs.splunk.com/Documentation/AddOns/released/GoogleCloud/installation

sathwikr076
Communicator

Thanks for the reply.

0 Karma

timonix
Explorer

It is utilizing publically accessible GCP API and a service account with permissions to access that API setup on the desired project.

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...