How to do Google Cloud Platform & Splunk Integration?
This article shows how to integrate Google Cloud Platform data into Splunk with the help of the “Splunk Add-on for Google Cloud Platform”.
These five inputs are available in this application:
- Cloud Billing
- Cloud Monitoring
- Cloud Storage Bucket
- Cloud Pub/Sub
- Resource Metadata
In this blog, we’ll look at how to get these logs into Splunk to evaluate the respective GCP servers.
Prerequisites:
- You need a working Google Cloud account.
- You need to have the sc_admin or admin privilege.
- You need to be the “Editor” or the “Owner” of the GCP project that pushes information from GCP to Splunk.
- You need access to GCP IAM.
With these in place, you can begin the process step by step.
Step 1
Set up a Google Cloud service account. Click on the link below to open the “Service account” page.
Make sure you sign in with a Gmail/mail account that has access to GCP. After that, select the project that you need to monitor.
Then click “Create Service Account”.
Name: <give a name to the service account>
Now select “ADD KEY” and then “Create New Key”.
Then choose JSON and click Create.
As soon as you click Create, a JSON file is downloaded. Open the file, which looks like this.
This is a JSON file that has all the needed credentials including “client_id”, “private_key”, and “client_email”.
Step 2
Create a Pub/Sub Subscription
In the search bar in GCP, type “pub/sub” and select “Pub/Sub Subscription”.
Click on “Create Topic” and create a topic named “ABC”.
As soon as you create the topic, a subscription with a similar name is created.
Step 3
Install the “Splunk Add-on for Google Cloud Platform” and configure it
After that, you can log in to the Splunk instance using your credentials.
Click on “Find More Apps”
Example 1
    $ curl \
        --request POST \
        --header "X-SF-TOKEN: <SESSION_TOKEN>" \
        --header "Content-Type: application/json" \
        --data '{
          "type" : "GCP",
          "name" : "<INTEGRATION_NAME>",
          "pollRate" : <POLL_RATE>,
          "services" : ["<SERVICE>",...],
          "includeList": ["<METADATA_NAME>",...],
          "projects" : [
            {
              "projectId": "<PROJECT_ID>",
              "projectKey": "<PROJECT_KEY>"
            },
            ...
          ]
        }' \
        https://api.<REALM>.signalfx.com/v2/integration
The response object for a successful request is similar to the following:
    {
      "type": "GCP",
      "name" : "<INTEGRATION_NAME>",
      "pollRate" : <POLL_RATE>,
      "services" : ["<SERVICE>",...],
      "includeList": ["<METADATA_NAME>",...],
      "id" : "<INTEGRATION_ID>",
      "projectServiceKey" : [
        {
          "projectId": "<PROJECT_ID>"
        },
        ...
      ],
      "created": <CREATED_TIMESTAMP>,
      "creator": "<CREATOR_ID>",
      "lastUpdated": <UPDATED_TIMESTAMP>,
      "lastUpdatedBy": "<UPDATER_ID>"
    }
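The request in Example 1 carries the service account key in "projectKey", while the response returns only "projectId", so the request body is the part to keep out of logs. The following Python code is an added example, not code from the original article or from Splunk: it checks the key file for the fields named in Step 1, builds the Example 1 body for one project, and produces a masked copy for logging. It assumes "projectKey" carries the key file's JSON text; the function names, sample key, poll rate and project name are constructed for illustration.

```python
import copy
import json

# Fields the article says the downloaded key file contains.
REQUIRED_KEY_FIELDS = ("client_id", "private_key", "client_email")

# Constructed sample key: placeholder values only, not a real credential.
SAMPLE_KEY_TEXT = json.dumps({
    "type": "service_account",
    "client_id": "000000000000000000000",
    "client_email": "splunk-reader@example-project.iam.gserviceaccount.com",
    "private_key": "<PRIVATE_KEY_PLACEHOLDER>",
})

def check_key_text(key_text):
    """Parse the key file text and verify the fields named in Step 1."""
    key = json.loads(key_text)
    if not isinstance(key, dict):
        raise ValueError("key file is not a JSON object")
    missing = [f for f in REQUIRED_KEY_FIELDS if not key.get(f)]
    if missing:
        raise ValueError("key file is missing: " + ", ".join(missing))
    return key

def build_integration_body(name, poll_rate, services, include_list,
                           project_id, key_text):
    """Build the Example 1 request body for a single project."""
    check_key_text(key_text)  # fail before anything is sent
    return {
        "type": "GCP",
        "name": name,
        "pollRate": poll_rate,
        "services": list(services),
        "includeList": list(include_list),
        # Assumption: projectKey carries the key file's JSON text.
        "projects": [{"projectId": project_id, "projectKey": key_text}],
    }

def redact_for_log(body):
    """Return a deep copy with the key material masked, safe to log."""
    safe = copy.deepcopy(body)
    for project in safe.get("projects", []):
        if "projectKey" in project:
            project["projectKey"] = "<redacted>"
    return safe

if __name__ == "__main__":
    # 300000, "<SERVICE>" and "<METADATA_NAME>" are constructed placeholders.
    body = build_integration_body("gcp-example", 300000, ["<SERVICE>"],
                                  ["<METADATA_NAME>"], "example-project",
                                  SAMPLE_KEY_TEXT)
    print(json.dumps(redact_for_log(body), indent=2))
```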
FAQs
What is the main use of Splunk?
Monitoring and searching through big data
What is Splunk in simple terms?
Splunk is a software platform widely used for monitoring, searching, analyzing, and visualizing machine-generated data in real time.
Does Google use Splunk?
Splunk and Google Cloud have partnered to help organizations ingest, normalize, and analyze data at scale.
How does Splunk store data?
Splunk stores data in indexes organized in a set of buckets by age.