We ran into issues trying to get the GCP Splunk Add-on working with our 7.0 environment. We had everything configured by-the-book, but we weren't getting any events into our newly created 'gcp' index. We found this is the error from the splunk_ta_google_pubsub_util.log log: "2017-12-21 15:10:06,109 ERROR pid=12312 tid=Thread-2 file=event_writer.py:write_events:268 | Failed to post events to HEC_URI=https://127.0.0.1:8088/services/collector, error_code=400, reason={"text":"Invalid data format","code":6,"invalid-event-number":0}" Splunk support had us add the following to the $SPLUNK_HOME/etc/apps/Splunk_TA_googlecloudplatform/local/google_global_settings.conf file on our HF: [global_settings] use_hec = 0 ...then after restarting the Splunk service and having our GCP-Project guy generate an event on his side, it worked! We were receiving searchable events to the 'gcp' index! I hope this helps someone! ... View more

I'm having the same problem as jchamb above. I just installed Splunk 6.5.0 and all the dropdowns are gone and there is no functionality. I have no dashboards, reports metrics, etc. The only drop down is for "Default View". "Dashboards and Views", "Searches and Reports" and "Agent Management" are all gone. Here's a pic: ... View more

Hi @jchamb - Did one of the answers below help provide a solution to your question? If yes, please don't forget to click "Accept" below the best answer and up-vote any answer that was helpful. If no, please provide some more feedback by leaving a comment. Thanks! ... View more

Thank you. This is what I've deployed until Splunk gets the add-on itself fixed. ... View more