Why did we experience a Log drop from Gsuite?

akasmika · ‎03-29-2022

Hi Splunkers,

We are streaming google app logs to splunk in distributed environment. We have G suite for Splunk app on SH and Input add-on on Heavy forwarder. I am seeing log drop on a particular day for about 2 hrs and then the logging has turned normal. Unable to identify the reason for the same.

Also the g suite application health dashboard shows the below error,

@alacercogitatus , could you please help me identify the cause for logs drop and how to fix these errors?

alacercogitatus · ‎03-29-2022

I'd need app name and version. "G Suite" is not supported. "Google Workspace" is. You can also shoot me an email at the listed https://splunkbase.splunk.com/app/5498/ and we can triage there. But I need the app and version first to correlate that line number. Thanks!

akasmika · ‎03-29-2022

App and Version on SH: https://splunkbase.splunk.com/app/3791/ (1.4.2)

Input add-on on HF and version: https://splunkbase.splunk.com/app/3793/ (1.4.2)

alacercogitatus · ‎03-29-2022

Those aren't supported due to Python2 and "old sdk" from google. Please upgrade and see if you still get that drop. Thanks!

akasmika · ‎03-29-2022

@alacercogitatus , the app or add-on version we have is the latest one I can see on splunk base(1.4.2) What surprises me is the logs have not stop completely but only for sometime. How can python or old sdk be the cause while it is working partially.

Why did we experience a Log drop from Gsuite?

heavy forwarder

modular input

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms