Skip to content

Configure Cloud Storage inputs for Splunk Add-on for Google Cloud Platform

Configure Cloud Storage inputs for Splunk Add-on for Google Cloud Platform using Splunk Web or via configuration file, using the information in the inputs parameters table below.

Configure Cloud Storage inputs using the Splunk Web

  1. Click Create New Input in the Inputs tab, and then choose Resource Metadata, and then choose Cloud Storage.
  2. Enter the Name, Credentials, Projects, Buckets, APIs with suitable intervals, Index, and Sourcetype using the information in the inputs parameter table.
  3. Save your changes.

Do not navigate to the Splunk Add-on for Google Cloud Platform configuration page at Settings, and then Data Inputs to configure Google Cloud Platform inputs. This page is not supported for this type of input.

Configure Cloud Storage inputs using configuration file

  1. Create a file named google_cloud_resource_metadata_inputs_cloud_storage.conf under $SPLUNK_HOME/etc/apps/Splunk_TA_google-cloudplatform/local.

  2. Create stanzas using the following template. See the google_cloud_resource_metadata_inputs_cloud_storage.conf.spec file in $SPLUNK_HOME/etc/apps/Splunk_TA_google-cloudplatform/README for reference. 

    [<name>]
google_apis= <value>
google_credentials_name = <value>
google_project = <value>
bucket_name = <value>
index = <value>
sourcetype = <value>

    3. Save and return to your Splunk instance.

Restart your Splunk platform after making changes to configuration (.conf) files.

Input Parameters

Each attribute in the following table corresponds to a field in Splunk Web.

Attribute Corresponding field in Splunk Web Description
name Name Enter a unique name of the Cloud Storage input.
google_credentials_name Credentials The stanza name defined in google_cloud_credentials.conf
google_project Project Google project ID
bucket_name Bucket Google Bucket Name. To collect the data for BucketAccessControls,DefaultObjectAccessControls and ObjectAccessControls the bucket should be non-uniform. For more information, see the “Behavior when enabled” section of the Uniform bucket-level access topic in the Google Cloud documentation.
google_apis APIs Resources of Cloud Storage.
index Index The index in which Google Cloud Platform Data should be stored.
sourcetype Sourcetype Name of the sourcetype.