I setup G Suite app and TA in single Splunk server (7.0.0) to collect google drive access log among of all team usage.
I setup step by step like below
What is the meaning of ga.py error?
When I type below command with CLI, then no response after a minute and type Ctrl+C, error message was appeared.
[root@ip-172-31-16-21 bin]# /opt/splunk/bin/splunk cmd python ga.py
^CTraceback (most recent call last):
File "ga.py", line 246, in <module>
run()
File "ga.py", line 74, in run
MI.start()
File "/opt/splunk/etc/apps/GSuiteForSplunk/bin/ModularInput.py", line 468, in start
self.run()
File "/opt/splunk/etc/apps/GSuiteForSplunk/bin/ModularInput.py", line 477, in run
self._config = self._get_config()
File "/opt/splunk/etc/apps/GSuiteForSplunk/bin/ModularInput.py", line 387, in _get_config
config_str = sys.stdin.read()
KeyboardInterrupt
Does anyone know how to solve this type of error?
Hi, app author here. What is the actual error? Expand the JSON and ping me in slack with the actual error message.
Additionally, you can't run the modular input from the command line with out some additional items to pull the configuration. So the fact that is stops atsys.stdin.read()
is indicative of correct operation.
Hi, app author here. What is the actual error? Expand the JSON and ping me in slack with the actual error message.
Additionally, you can't run the modular input from the command line with out some additional items to pull the configuration. So the fact that is stops atsys.stdin.read()
is indicative of correct operation.
Hello @alacercogitatus.
I have an error on splunk on SHs :
servername.xxx.xxx] Eventtype 'gsuite_internal' does not exist or is disabled.
The eventype do exist if i look on search heads. I did use the HF for the collector to send to idx.
On SH, with the non configured app, we have that eventtype:
index=internal sourcetype=ga*
On HF with the collector add-on:
same eventtype enabled as on SH
thanks
Finally I did it because of @alacercogitatus.
I need to separate install App and IA add-on, App into SH and IA into HF.
Then, modular inputs set both "google:drive report" and "other report", separately.
Hi Syokota,
I am in a Splunk project which need to integrate G Suite/G Sheets with Splunk Enterprise. Could you help to send me the guide to do that?
My mail is hoangnlm1511@gmail.com.
Thanks so much in advance.
Hi hoangnguyen,
Sorry I only have the instruction guide in Japanese.
G Suite
https://qiita.com/odorusatoshi/items/6874a983e37cad423fbf
Google Spread sheet
https://qiita.com/odorusatoshi/items/2d00edbd074c9b267195
Hope you help.
It is good enough.
Thank you for sharing.
Hi Syokota,
I have followed your guide but only GSuiteForSplunk:error sourcetype we can get:
{"errors": [{"exception_type": "AttributeError", "filename": "ga.py", "msg": "'NoneType' object has no attribute 'tb_frame'", "line": 108, "exception_arguments": "'NoneType' object has no attribute 'tb_frame'", "input_name": "ga://gsuit_sarakura"}], "log_level": "ERROR", "timestamp": "Tue, 28 May 2019 02:39:27 +0000", "modular_input_consumption_time": "Tue, 28 May 2019 02:39:27 +0000"}
Please advise how to fix. Thank you so much.