All Apps and Add-ons

Splunk Add-on for Google Cloud Platform: How is the data coming?

alanzchan
Path Finder

I recently installed and configured this TA. For the configurations portion, only a JSON key from a GCP service account is needed; Splunk will then automatically scan for GCP projects and subscriptions. After selecting the desired project and subscriptions, Splunk is indexing data.

How exactly does this work? I was expecting there would be some firewall rules/ports that need to be configured before external data could be indexed.

0 Karma
1 Solution

timonix
Explorer

It is utilizing publically accessible GCP API and a service account with permissions to access that API setup on the desired project.

View solution in original post

0 Karma

sathwikr076
Communicator

@alanzchan can you please let me know where did you do all these configuration on search head or on indexer.

Thanks.

0 Karma

tyron_
Explorer

You should log this as a new question. But the answer is: neither. You should install the add-on on the heavy forwarders for data collection. Please refer to: https://docs.splunk.com/Documentation/AddOns/released/GoogleCloud/installation

sathwikr076
Communicator

Thanks for the reply.

0 Karma

timonix
Explorer

It is utilizing publically accessible GCP API and a service account with permissions to access that API setup on the desired project.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...