Hi, we have installed G Suite App for Splunk. App permission is Global. All objects have global permissions as well.
But eventtypes and tags are not available outside the app, so I cannot map this data to CIM datamodels.
Should I modify /opt/splunk/etc/apps/GSuiteForSplunk/metadata/local.meta, like this:
access = read : [ * ], write : [ admin ]
export = system
owner = nobody
version = 7.1.2
modtime = 1547719510.122789000
Splunk ES allows only TA- apps; you need to install https://splunkbase.splunk.com/app/3792/ as well.