GCP logs to Splunk

GCP System Level logs and Audit logs are different from the application's own geenrated logs.

Both of these categories of logs can be exported out of the Compute Engine / GCP Platform.

To export these to Splunk, you have two options. One of these requires a PaaS Service (Google Pub Sub) and the other requires a simple API based access method.

Push-based method: data is sent to Splunk HTTP Event Collector (HEC) through aPub/Sub to Splunk Dataflow job.
Pull-based method: data is fetched from Google Cloud APIs through the Splunk Add-on for Google Cloud Platform.

Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Strategy? Set up a time with Anuj Varma.

No Comments Yet

Leave a Reply Cancel reply