Solved: Re: Splunk Add-on for Google Cloud Platform: How i...

alanzchan · ‎04-04-2019

I recently installed and configured this TA. For the configurations portion, only a JSON key from a GCP service account is needed; Splunk will then automatically scan for GCP projects and subscriptions. After selecting the desired project and subscriptions, Splunk is indexing data.

How exactly does this work? I was expecting there would be some firewall rules/ports that need to be configured before external data could be indexed.

timonix · ‎04-10-2019

It is utilizing publically accessible GCP API and a service account with permissions to access that API setup on the desired project.

View solution in original post

sathwikr076 · ‎08-08-2019

@alanzchan can you please let me know where did you do all these configuration on search head or on indexer.

Thanks.

tyron_ · ‎11-20-2019

You should log this as a new question. But the answer is: neither. You should install the add-on on the heavy forwarders for data collection. Please refer to: https://docs.splunk.com/Documentation/AddOns/released/GoogleCloud/installation

sathwikr076 · ‎11-25-2019

Thanks for the reply.

timonix · ‎04-10-2019

It is utilizing publically accessible GCP API and a service account with permissions to access that API setup on the desired project.

Splunk Add-on for Google Cloud Platform: How is the data coming?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation