All Apps and Add-ons

Splunk G Suite tags and eventtypes are not available outside the app

rus7ambts
Explorer

Hi, we have installed G Suite App for Splunk. App permission is Global. All objects has global permissions as well.

But eventtypes and tags are not available outside the app, so I cannot map this data to CIM datamodels.

Should I modify /opt/splunk/etc/apps/GSuiteForSplunk/metadata/local.meta, like this:

[tags/sourcetype%3Dgapps%253Areport%253Alogin/authentication]
access = read : [ * ], write : [ admin ]
export = system
owner = nobody
version = 7.1.2
modtime = 1547719510.122789000

Search example:

sourcetype="gapps:report:login"
0 Karma
1 Solution

rus7ambts
Explorer

Splunk ES allows only TA- apps, need to install https://splunkbase.splunk.com/app/3792/ as well.

View solution in original post

0 Karma

rus7ambts
Explorer

Splunk ES allows only TA- apps, need to install https://splunkbase.splunk.com/app/3792/ as well.

0 Karma
Get Updates on the Splunk Community!

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...