All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to retrieve G Suite email tracking logs to Splunk?

nieyf
New Member
‎01-20-2019 02:18 AM

Hi,

Is it possible to collect email audit logs from G Suite to Splunk?

Thanks.

Tags (1)
0 Karma
Reply

nvonkorff
Path Finder
‎05-13-2020 04:51 PM

@ColinJacksonPS Sorry about the late response on this one. Do you have the GSuite for Splunk Add-on installed on the HF as well? There is a dependency on that add-on for the authorization process.

@CSULeigh Yes, it definitely will. Hopefully by the end of the month.

0 Karma
Reply

nvonkorff
Path Finder
‎07-01-2019 03:32 PM

Hi @nieyf

I recently had a similar requirement at a customer. I couldn't find anything to do what I wanted, so I wrote some scripts to do this.

The scripts are now available through the Gmail Audit add-on on Splunkbase:
https://splunkbase.splunk.com/app/4560/

0 Karma
Reply

nvonkorff
Path Finder
‎07-21-2019 06:28 PM

@nieyf Did you get a chance to try the add-on yet? Did this meet your needs? If so, please accept the answer. Cheers.

0 Karma
Reply

CSULeigh
Explorer
‎05-13-2020 12:21 AM

@nvonkoff Will the Gmail Audit add-on be updated to support Splunk 8.x?

Reply

ColinJacksonPS
Path Finder
‎02-25-2020 09:55 AM

I just tried your add-on. I think it's different than documented in your blogpost: https://nvonkorff.github.io/splunk/gmail/audit/2019/06/23/Gmail_Audit_TA.html

I never got to the authorize steps inside the TA_gmail_audit app. Just the creds page and set up inputs with the HEC token.
I'm on Splunk Cloud, but installed this on a local HF. Any advice?

0 Karma
Reply

dkeck
Influencer
‎01-20-2019 03:12 AM

Hi

There is an App an TA and an input TA for G Suite check them if there include what you are looking for https://splunkbase.splunk.com/apps/#/search/G%20Suite/

You can find a documentation in the details tab of the app

0 Karma
Reply

dkeck
Influencer
‎01-21-2019 12:35 AM

Please accept the answer if it helped you 🙂 thank you

0 Karma
Reply

ColinJacksonPS
Path Finder
‎02-25-2020 09:53 AM

Same thing here. I got a few gmail logs from the reports API, but stopped and I can't get it back. This is after reinstalls, reauthorizing, etc.

0 Karma
Reply

haimchibotero
Loves-to-Learn
‎05-12-2021 05:08 AM

Hi All,

hope you are doing well.

any luck to make this work . for some reason the authorization process is working great , but you can't save the info 

i tried this on 3 new installs one with version 8.1.3 and with 8.1.4 and with 8.1 even 

all is acting the same 😞

0 Karma
Reply

nieyf
New Member
‎01-21-2019 12:40 AM

Hi dkeck,

Thanks for the response, I have tried to use this APP to collect G Suite email tracking logs, but seems it doesn't support relative email api, the APP can get the logs of G Suite Drive, but no gmail logs...

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...