@ColinJacksonPS Sorry about the late response on this one. Do you have the GSuite for Splunk Add-on installed on the HF as well? There is a dependency on that add-on for the authorization process.
@CSULeigh Yes, it definitely will. Hopefully by the end of the month.
I recently had a similar requirement at a customer. I couldn't find anything to do what I wanted, so I wrote some scripts to do this.
The scripts are now available through the Gmail Audit add-on on Splunkbase:
I just tried your add-on. I think it's different than documented in your blogpost: https://nvonkorff.github.io/splunk/gmail/audit/2019/06/23/Gmail_Audit_TA.html
I never got to the authorize steps inside the TA_gmail_audit app. Just the creds page and set up inputs with the HEC token.
I'm on Splunk Cloud, but installed this on a local HF. Any advice?
There is an App an TA and an input TA for G Suite check them if there include what you are looking for https://splunkbase.splunk.com/apps/#/search/G%20Suite/
You can find a documentation in the details tab of the app
Thanks for the response, I have tried to use this APP to collect G Suite email tracking logs, but seems it doesn't support relative email api, the APP can get the logs of G Suite Drive, but no gmail logs...