×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
splunk_w_ro
Explorer
Member since: ‎05-27-2022
‎08-08-2022
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎05-27-2022
View All

Re: Why is Splunk Add-on for Google Workspace inpu...

by in Getting Data In
‎08-08-2022 07:02 AM
‎08-08-2022 07:02 AM
The service account used for this integration needs to have the super admin role as @ostap_med noted. It also needs to match the account in the JSON key that is used when setting up the account within the Splunk TA for Google Workspace ... View more

Why is Splunk Add-on for Google Workspace inputs g...

by in Getting Data In
‎06-22-2022 01:13 PM
‎06-22-2022 01:13 PM
I have configured the Splunk Add-on for Google Workspace on a Heavy Forwarder that is performing data collection and then forwarding the data to Splunk Cloud. We followed the instructions at https://docs.splunk.com/Documentation/AddOns/released/GoogleWorkspace/About both when configuring the Google Cloud service account and configuring the Add-On. I configured the Add-On with the Google Cloud service account with the JSON key generated on console.cloud.google.com and then configured the inputs. We are not getting any data and when we look at the internal logs from the Heavy Forwarder where the Splunk Add-on for Google Workspace is deployed we are seeing 401 responses like the following:         requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/token?maxResults=1000&startTime=2022-06-22T19%3A07%3A10.464Z&endTime=2022-06-22T19%3A07%3A10.464Z requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/drive?maxResults=1000&startTime=2022-06-22T19%3A07%3A10.521Z&endTime=2022-06-22T19%3A07%3A10.521Z         We also went through the troubleshooting section of the docs: https://docs.splunk.com/Documentation/AddOns/released/GoogleWorkspace/Troubleshoot to no avail Any guidance from some one who has deployed the GWS Add-On and gotten a 401 after configuring the inputs will be greatly appreciated ... View more
Labels

Re: Cortex XDR Alerts into Splunk

by in Getting Data In
‎05-31-2022 07:15 AM
‎05-31-2022 07:15 AM
Thanks for getting back to me - per the PAN documentation (https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/logs), it looks like alerts can be sent to a syslog receiver. It's disappointing that you can't get those using an input within the PAN TA. Thanks! ... View more

Re: Cortex XDR Alerts into Splunk

by in Getting Data In
‎05-27-2022 01:46 PM
‎05-27-2022 01:46 PM
Hi @bharathkumarnec, I have the need to ingest Cortex XDR logs into Splunk - are you using Splunk Connect for Syslog to ingest this data? Thanks! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-08-2022 10:23 AM
Karma given to
View All