All Apps and Add-ons

Google Apps for Splunk: Why is the authorization step failing?

blueteq
Engager

Hi,

New to Splunk and managed to get it up and running today after a brief introduction in Splunk Sales Training.

I want to add Google Apps as a source and installed the Google Apps For Splunk App. All goes well until I try to Authorize the App.

Following the process, I get to the point I need to complete the authorization step where I get redirected to Google and accept the access to Google Apps for Work from Splunk. This part works with the output:
Credentials Written to "/opt/splunk/etc/apps/GoogleAppsForSplunk/local/GoogleApps.blueteq.net.cred"

Then I get the token and paste it in and when I click "Done" the following error shows up:

[Errno 2] No such file or directory: '/opt/splunk/etc/apps/GoogleAppsForSplunk/local/flowtmp'

alt text
I removed App and installed it again.
Splunk installed on Ubuntu 14.04 64bit.
2GB Ram and 2 Cores KVM

0 Karma
1 Solution

alacercogitatus
SplunkTrust
SplunkTrust

Being that you have successfully written a Credential file out, then most likely you are good to go. The Authorization process is a two step process. First, enter the domain, Client ID, and Client Secret. Click the Green Button 1 (one) time. This will open a new window where you Grant access to the App to consume the data. You will see the authorization token, copy that, paste it back into the credential page (without refreshing the credential page), and click the button again.

I believe you have done this. I believe it has worked. You may have hit a bug. Contact me via email or IRC (#splunk on efnet.org).

Try adding an input (Settings > Data Inputs > Google Apps For Splunk). If you see data, then it worked.

Edit

So a few things happened here. You authorized correctly, well done! The problems was the inputs. I ship the default configs to make it easy, but you have to change the domain names to have it work for your domain.

The other problem was API enablement. The Admin Reports API must be enabled in https://console.developers.google.com for the input to work.

Also - If you aren't seeing data you expect, or only starting from when you got the inputs configured correctly, try this command on CLI :

rm /opt/splunk/var/lib/splunk/modinputs/ga/*

This will remove the checkpoint files for the inputs and cause Splunk to consume the last years worth of data from Google.

View solution in original post

alacercogitatus
SplunkTrust
SplunkTrust

Being that you have successfully written a Credential file out, then most likely you are good to go. The Authorization process is a two step process. First, enter the domain, Client ID, and Client Secret. Click the Green Button 1 (one) time. This will open a new window where you Grant access to the App to consume the data. You will see the authorization token, copy that, paste it back into the credential page (without refreshing the credential page), and click the button again.

I believe you have done this. I believe it has worked. You may have hit a bug. Contact me via email or IRC (#splunk on efnet.org).

Try adding an input (Settings > Data Inputs > Google Apps For Splunk). If you see data, then it worked.

Edit

So a few things happened here. You authorized correctly, well done! The problems was the inputs. I ship the default configs to make it easy, but you have to change the domain names to have it work for your domain.

The other problem was API enablement. The Admin Reports API must be enabled in https://console.developers.google.com for the input to work.

Also - If you aren't seeing data you expect, or only starting from when you got the inputs configured correctly, try this command on CLI :

rm /opt/splunk/var/lib/splunk/modinputs/ga/*

This will remove the checkpoint files for the inputs and cause Splunk to consume the last years worth of data from Google.

blueteq
Engager

Thank you, fantastic support!
Works really well.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...