
Logging, Monitoring, Debugging, and Tracing are all part of Stackdriver (aka Operations Suite).

  • Project-level logging by default.
  • Multi-level project view or single project view.
  • Can turn on org-level or folder-level logging.

What about Application Level Logs?

FluentD is the default VM agent that is used in GCP for app level logging.

Alternatives to FluentD?

Splunk Universal Forwarder is another option.

Application Level Logs - Comparing FluentD and Splunk Universal Forwarder

  1. Write to stderr/stdout.
  2. Write to a fluentd instance on a known address (but assumed to be on the same node for reliability).
  3. Write to files in the container filesystem.

Stack Specific Logs - e.g. J2EE logs

  • Application logs.
  • The Tomcat logs, which can be controlled via Tomcat configuration files.
  • In non-Docker systems, these are different files on the host OS.

When forwarded to Splunk, they are processed using different parsers based on the location.

Splunk Cloud versus GCP Logs to BigQuery?

Push to Splunk or Pull from Splunk?

GCP recommends the push method.

HTTP Event Collector Support?

Splunk supports the HTTP Event Collector (HEC).

How do you send it outside of the Google Platform?

All logs go to a log router by default.
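
Added example (not from the original notes): a sketch of the push path to Splunk HEC, assuming a Log Router sink exports entries to a Pub/Sub topic and a push subscription delivers them to a small forwarder. The sourcetype names, index name, and sample entry are constructed for illustration; the request is built but never sent.

```python
import base64
import json
import re
import urllib.request
from datetime import datetime

# Hypothetical sourcetype names keyed by LogEntry resource.type; pick your own.
SOURCETYPES = {"gce_instance": "gcp:vm", "k8s_container": "gcp:gke"}
_TS = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?(Z|[+-]\d\d:\d\d)$")

def to_epoch(ts):
    """Convert a LogEntry RFC 3339 timestamp (up to nanoseconds) to epoch seconds."""
    m = _TS.match(ts)
    if not m:
        raise ValueError(f"unparseable timestamp: {ts!r}")
    base, frac, tz = m.groups()
    dt = datetime.fromisoformat(base + ("+00:00" if tz == "Z" else tz))
    return dt.timestamp() + (float("0." + frac) if frac else 0.0)

def pubsub_to_hec(envelope, index="gcp_logs"):
    """Map one Pub/Sub push envelope carrying a LogEntry to a HEC event dict."""
    entry = json.loads(base64.b64decode(envelope["message"]["data"]))
    if not any(k in entry for k in ("jsonPayload", "textPayload", "protoPayload")):
        raise ValueError("LogEntry has no payload field")
    resource = entry.get("resource", {})
    labels = resource.get("labels", {})
    return {
        "time": to_epoch(entry["timestamp"]),
        "host": labels.get("instance_id", "unknown"),
        "source": entry["logName"],
        "sourcetype": SOURCETYPES.get(resource.get("type"), "gcp:generic"),
        "index": index,  # hypothetical index name
        "event": entry,  # forward the whole entry so severity and insertId survive
    }

def build_hec_request(events, url, token):
    """Build (but do not send) the HEC POST; batched events are stacked JSON objects."""
    body = "".join(json.dumps(e) for e in events).encode()
    return urllib.request.Request(url, data=body, method="POST",
                                  headers={"Authorization": f"Splunk {token}"})

# Constructed sample: a LogEntry as a Pub/Sub push subscription would deliver it.
SAMPLE_ENTRY = {
    "logName": "projects/example-project/logs/tomcat",
    "resource": {"type": "gce_instance", "labels": {"instance_id": "1234567890"}},
    "timestamp": "2024-05-01T12:00:00.250000000Z",
    "severity": "ERROR",
    "insertId": "abc123",
    "textPayload": "SEVERE: Servlet.service() threw exception",
}
SAMPLE_ENVELOPE = {"message": {"data": base64.b64encode(json.dumps(SAMPLE_ENTRY).encode()).decode()}}
```

Keep the HEC token in a secret store rather than in code or logs, and point the URL at the collector's `/services/collector/event` endpoint over TLS.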

Security Agents? CSPM Tools?

Prisma Cloud, Qualys Agent