Why can I not collect Google Drive logs by using G Suite For Splunk?

syokota_splunk
Splunk Employee

I set up the G Suite app and TA on a single Splunk server (7.0.0) to collect Google Drive access logs across all team usage.

I set it up step by step as below:

  1. Install App and TA
  2. Set up Client ID and Client Secret
  3. Set up Authorized step1 and step2
  4. Create a new input (check only Activity - Drive)
  5. Error messages appeared

What is the meaning of the ga.py error?

When I type the command below in the CLI, there is no response after a minute, and when I press Ctrl+C, an error message appears.

[root@ip-172-31-16-21 bin]# /opt/splunk/bin/splunk cmd python ga.py 
^CTraceback (most recent call last):
  File "ga.py", line 246, in <module>
    run()
  File "ga.py", line 74, in run
    MI.start()
  File "/opt/splunk/etc/apps/GSuiteForSplunk/bin/ModularInput.py", line 468, in start
    self.run()
  File "/opt/splunk/etc/apps/GSuiteForSplunk/bin/ModularInput.py", line 477, in run
    self._config = self._get_config()
  File "/opt/splunk/etc/apps/GSuiteForSplunk/bin/ModularInput.py", line 387, in _get_config
    config_str = sys.stdin.read()
KeyboardInterrupt

Does anyone know how to solve this type of error?
0 Karma
1 Solution

alacercogitatus
SplunkTrust

Hi, app author here. What is the actual error? Expand the JSON and ping me in Slack with the actual error message.
Additionally, you can't run the modular input from the command line without some additional items to pull the configuration. So the fact that it stops at sys.stdin.read() is indicative of correct operation.

0 Karma
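
An added example, not part of the thread and not the app's own code: a sketch of how a modular input receives its configuration as XML on stdin, which is why `ga.py` sits at `sys.stdin.read()` when started from a terminal with nothing piped in. The sample XML, host name, stanza name and the `domain` parameter are constructed for illustration, and the session key is masked before anything is printed because that value is a live splunkd credential.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of the XML splunkd writes to a modular input's stdin (values invented).
SAMPLE_CONFIG = """<input>
  <server_host>hf01.example.test</server_host>
  <server_uri>https://127.0.0.1:8089</server_uri>
  <session_key>CONSTRUCTED-SESSION-KEY</session_key>
  <checkpoint_dir>/opt/splunk/var/lib/splunk/modinputs/ga</checkpoint_dir>
  <configuration>
    <stanza name="ga://drive_example">
      <param name="domain">example.test</param>
    </stanza>
  </configuration>
</input>"""


def read_config_xml(stream):
    """Return the config text, or None when stdin is a terminal (nothing piped in)."""
    if stream.isatty():
        return None  # a blocking read() here is the "hang" seen in the thread
    return stream.read()


def parse_config(config_str):
    """Parse the modular-input XML into a dict of server settings and stanzas."""
    root = ET.fromstring(config_str)
    config = {child.tag: (child.text or "").strip()
              for child in root if child.tag != "configuration"}
    config["stanzas"] = {
        stanza.get("name"): {p.get("name"): (p.text or "") for p in stanza.findall("param")}
        for stanza in root.findall("./configuration/stanza")
    }
    return config


def redacted(config):
    """Copy of the config that is safe to log: the session key is masked."""
    safe = dict(config)
    if safe.get("session_key"):
        safe["session_key"] = "<redacted>"
    return safe


if __name__ == "__main__":
    text = read_config_xml(sys.stdin)
    if text is None:
        sys.exit("no configuration on stdin; splunkd normally pipes it in")
    print(redacted(parse_config(text)))
```

For a real input, Splunk's modular input documentation describes `splunk cmd splunkd print-modinput-config <scheme> <stanza>`, whose output can be piped into the script to reproduce what splunkd sends.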

bernardoortega
Path Finder

Hello @alacercogitatus.

I have an error in Splunk on the SHs:
servername.xxx.xxx] Eventtype 'gsuite_internal' does not exist or is disabled.

The eventtype does exist if I look on the search heads. I did use the HF for the collector to send to the idx.

On SH, with the non configured app, we have that eventtype:
index=internal sourcetype=ga*

On HF with the collector add-on:
same eventtype enabled as on SH

Thanks

0 Karma

syokota_splunk
Splunk Employee

Finally I did it, thanks to @alacercogitatus.
I needed to install the App and the IA add-on separately: the App on the SH and the IA on the HF.
Then I set the modular inputs for "google:drive report" and "other report" separately.

0 Karma

hoangnguyen
Explorer

Hi Syokota,

I am in a Splunk project which needs to integrate G Suite/G Sheets with Splunk Enterprise. Could you help by sending me the guide to do that?
My mail is hoangnlm1511@gmail.com.
Thanks so much in advance.

0 Karma

syokota_splunk
Splunk Employee

Hi hoangnguyen,
Sorry, I only have the instruction guide in Japanese.

G Suite
https://qiita.com/odorusatoshi/items/6874a983e37cad423fbf

Google Spreadsheet
https://qiita.com/odorusatoshi/items/2d00edbd074c9b267195

Hope this helps.

0 Karma

hoangnguyen
Explorer

It is good enough.
Thank you for sharing.

0 Karma

hoangnguyen
Explorer

Hi Syokota,

I have followed your guide, but we can only get the GSuiteForSplunk:error sourcetype:

{"errors": [{"exception_type": "AttributeError", "filename": "ga.py", "msg": "'NoneType' object has no attribute 'tb_frame'", "line": 108, "exception_arguments": "'NoneType' object has no attribute 'tb_frame'", "input_name": "ga://gsuit_sarakura"}], "log_level": "ERROR", "timestamp": "Tue, 28 May 2019 02:39:27 +0000", "modular_input_consumption_time": "Tue, 28 May 2019 02:39:27 +0000"}

Please advise how to fix. Thank you so much.

0 Karma