Solved: Splunk G Suite tags and eventtypes are not availab...

rus7ambts · ‎01-17-2019

Hi, we have installed G Suite App for Splunk. App permission is Global. All objects has global permissions as well.

But eventtypes and tags are not available outside the app, so I cannot map this data to CIM datamodels.

Should I modify /opt/splunk/etc/apps/GSuiteForSplunk/metadata/local.meta, like this:

[tags/sourcetype%3Dgapps%253Areport%253Alogin/authentication]
access = read : [ * ], write : [ admin ]
export = system
owner = nobody
version = 7.1.2
modtime = 1547719510.122789000

Search example:

sourcetype="gapps:report:login"

rus7ambts · ‎01-18-2019

Splunk ES allows only TA- apps, need to install https://splunkbase.splunk.com/app/3792/ as well.

View solution in original post

rus7ambts · ‎01-18-2019

Splunk ES allows only TA- apps, need to install https://splunkbase.splunk.com/app/3792/ as well.

Splunk G Suite tags and eventtypes are not available outside the app

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Are you a member of the Splunk Community?

Splunk G Suite tags and eventtypes are not available outside the app

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!