All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

"Expected string or buffer" error on GSuite Input Add-on for Splunk

vik_splunk
Communicator
‎04-10-2019 04:36 AM

I have attempted to set this input add-on for quite some time without any luck. Below are the steps I have performed thus far.

Input Add-on version : Latest(1.3.1)

  1. In the existing project in https://console.developers.google.com/ , had a super admin create Client ID and Client Secret by navigating to API Project  APIs & Auth  Credentials. Create Client ID  Other -[Please help verify if we should choose other or web application. If it’s a web app, what URI should be used as the calling application?. We did not have to create a service account in the process but just a client ID and secret]

  2. Had the super admin enable the Admin SDK API and the Google Drive API. Also, had the super admin enable the below scopes.
    admin.reports.audit.readonly,admin.reports.usage.readonly,analytics.readonly,admin.directory.user.readonly,admin.directory.device.chromeos.readonly,drive.metadata.readonly,bigquery and cloud-platform

2-3 bullet points on the google admin dev console setup would help.

  1. In the input add-on, setup the proxy under the name gapps_proxy without SSL and proxy policy change was done to allow traffic without authentication. Oddly we don’t see any logs in the proxy saying there’s a call from the server but we see that the Admin SDK call count increases in developer console with errors. Unable to view the errors.

  2. We then input our domain, client and secret and had the super admin authorize the app. We get the messages “Credentials successfully written to store”. We do see a credential entry in the credential tab?. (Does this require us to save the changes by clicking save at the bottom?)

  3. We then create a new input using Create new Gsuite input with custom index, Activity – Admin selected with 600 as interval with the proxy gapps_proxy setup in Step 3.

  4. Almost immediately, we see the below error in Splunk.
    <{"log_level": "ERROR", "modular_input_consumption_time": "Wed, 10 Apr 2019 09:11:01 +0000", "timestamp": "Wed, 10 Apr 2019 09:11:01 +0000", "errors": [{"filename": "ga.py", "msg": "expected string or buffer", "line": 103, "exception_arguments": "expected string or buffer", "input_name": "ga://gci_poc", "exception_type": "TypeError"}]}>

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎04-10-2019 10:00 AM

This is first and foremost, most likely to be caused by co-location of the IA, TA, and App. Remove all except the App. Configure that. This only applies in standalone instance configurations.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

vik_splunk
Communicator
‎04-11-2019 09:26 AM

Thanks @alacercogitatus for your inputs. A slight rewording of the documentation or promoting this to the top of the documentation would be wonderful!

0 Karma
Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎04-10-2019 10:00 AM

This is first and foremost, most likely to be caused by co-location of the IA, TA, and App. Remove all except the App. Configure that. This only applies in standalone instance configurations.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...