Skip to main content

 

Splunk Lantern

Google: PubSub

 

Google Pub/Sub is used for streaming analytics and data integration pipelines to ingest and distribute data. It enables the user to create systems of event producers and consumers, called publishers and subscribers. Publishers communicate with subscribers asynchronously by broadcasting events to the Pub/Sub service. Pub/Sub then delivers events to all services that need to react to them. In the Common Information Model, Google Pub/Sub data can be mapped to the Authentication data model.

Configuration

Guidance for onboarding data can be found in the Spunk Documentation: 

Refer to the documentation, and note the following:

  • Add-on: Splunk Add-on for Google Cloud Platform
  • Source types:google:gsuite:pubsub:audit:auth; google:gcp:pubsub:audit:auth; google:gcp:pubsub:message; google:gcp:pubsub:log
  • Inputs: A google_pubsub_inputs.conf file with Pub/Sub project IDs and subscription names.

Application

When your Splunk deployment is ingesting Google Pub/Sub data, you can use the data to achieve the following: