Splunk Lantern

Google: PubSub


Google Pub/Sub is used for streaming analytics and data integration pipelines to ingest and distribute data. It enables the user to create systems of event producers and consumers, called publishers and subscribers. Publishers communicate with subscribers asynchronously by broadcasting events to the Pub/Sub service. Pub/Sub then delivers events to all services that need to react to them. In the Common Information Model, Google Pub/Sub data can be mapped to the Authentication data model.


Guidance for onboarding data can be found in the Splunk Documentation.

Refer to the documentation, and note the following:

  • Add-on: Splunk Add-on for Google Cloud Platform
  • Source types: google:gsuite:pubsub:audit:auth; google:gcp:pubsub:audit:auth; google:gcp:pubsub:message; google:gcp:pubsub:log
  • Inputs: A google_pubsub_inputs.conf file with Pub/Sub project IDs and subscription names.


When your Splunk deployment is ingesting Google Pub/Sub data, you can use the data to achieve the following: