Because this add-on runs on the Splunk platform, all of the system requirements of the Splunk software used by the customer apply.
Under $SPLUNK_HOME/etc/deployment-apps/Splunk_TA_google-cloudplatform/local, create google_credentials.conf using the following template:

[Test_Blog]
google_credentials = <This is a Key provided by user>
# Google service account key in JSON format; it can be downloaded from the Google admin console

Follow these steps to configure Cloud Pub/Sub inputs.
Create google_pubsub_inputs.conf under $SPLUNK_HOME/etc/deployment-apps/Splunk_TA_google-cloudplatform/local:

[Test_Blog]
google_credentials_name = <value>
# Stanza name defined in `google_credentials.conf` (make sure it is derived from the credential name)
google_project = <value>
# Provided by the user. The project is mandatory for creating any input; otherwise the modular input raises an EXEC PROCESSOR error.
google_subscriptions = <value>
# Provided by the user. The subscription must be associated with the project.
index = <google_cloud_staging>
# A separate index for indexing Google Cloud data.
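A pre-deployment check for the two files above, as an added example that is not part of the original post or the add-on's own code: it confirms that each input stanza has the mandatory fields and that google_credentials_name points to an existing stanza in google_credentials.conf. The lint function, the Broken_Input stanza and all sample values are constructed for illustration.

```python
import configparser
import json

# Constructed sample files following the templates above; the key is a placeholder.
SAMPLE_CREDENTIALS = """\
[Test_Blog]
google_credentials = {"type": "service_account", "client_email": "svc@example.invalid", "private_key": "PLACEHOLDER"}
"""
SAMPLE_INPUTS = """\
[Test_Blog]
google_credentials_name = Test_Blog
google_project = demo-project
google_subscriptions = Demo
index = google_cloud_staging

[Broken_Input]
google_credentials_name = Missing_Cred
google_subscriptions = Demo
index = google_cloud_staging
"""
REQUIRED = ("google_credentials_name", "google_project", "google_subscriptions", "index")

def _parse(text):
    # interpolation=None: key material may contain '%' characters
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser

def lint(credentials_text, inputs_text):
    """Return problems as strings; key material is never echoed."""
    creds, inputs = _parse(credentials_text), _parse(inputs_text)
    problems = []
    for name in creds.sections():
        try:
            key = json.loads(creds[name].get("google_credentials", ""))
        except ValueError:
            key = None
        # Google service account key files carry "type": "service_account"
        if not isinstance(key, dict) or key.get("type") != "service_account":
            problems.append(f"[{name}] google_credentials is not a service account JSON key")
    for name in inputs.sections():
        for field in REQUIRED:
            value = inputs[name].get(field, "").strip()
            if not value or value.startswith("<"):
                problems.append(f"[{name}] {field} is missing or still a placeholder")
        ref = inputs[name].get("google_credentials_name", "").strip()
        if ref and not creds.has_section(ref):
            problems.append(f"[{name}] google_credentials_name {ref!r} has no stanza in google_credentials.conf")
    return problems
```

To check real files, pass their contents to lint() before pushing the app from the deployment server.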
Here I have created a Subscription with name Demo where we will publish the data in Splunk.
Blog_Subscription
Using the above method, a team can easily onboard Pub/Sub inputs for the Google Cloud add-on. Please reach out to us if you have any questions.
Happy Splunking!!
Rishabh is currently working as Splunk and Security Professional Services Consultant at Crest Data Systems. Rishabh has been consulting with Fortune 500 and global enterprise customers and has been an active member of Cyber Security and Infrastructure Reliability communities for 6+ years. Rishabh is an accredited consultant for Splunk Core, Splunk Enterprise Security, Splunk UBA for SIEM and Phantom for SOAR based applications. He has been a frequent speaker at DefCon and other Cyber Security Conferences.