The Splunk Add-on for Google Cloud Platform is critical to my deployment. Is there a 6.6 version yet or does the 6.5 version have any issues with 6.6?
We ran into issues trying to get the GCP Splunk Add-on working with our 7.0 environment. We had everything configured by the book, but we weren't getting any events into our newly created 'gcp' index. We found this error in the splunk_ta_google_pubsub_util.log log:
"2017-12-21 15:10:06,109 ERROR pid=12312 tid=Thread-2 file=event_writer.py:write_events:268 | Failed to post events to HEC_URI=https://127.0.0.1:8088/services/collector, error_code=400, reason={"text":"Invalid data format","code":6,"invalid-event-number":0}"
Splunk support had us add the following to the $SPLUNK_HOME/etc/apps/Splunk_TA_googlecloudplatform/local/google_global_settings.conf file on our HF:
[global_settings]
use_hec = 0
...then after restarting the Splunk service and having our GCP-Project guy generate an event on his side, it worked! We were receiving searchable events to the 'gcp' index!
I hope this helps someone!
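An added example, not part of the original post and not the add-on's own code: a small parser that pulls HEC post failures out of the add-on's log text, so a silent gap in GCP event ingestion can be spotted from the log. The record layout is assumed from the single error line quoted above; the sample embeds that line wrapped over two lines plus one constructed line, and the function names are hypothetical.

```python
import json
import re

# Assumed record layout: "<ts> <LEVEL> pid=<n> tid=<t> file=<f>:<func>:<line> | <msg>"
START = re.compile(r'\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ')
RECORD = re.compile(
    r'(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+) '
    r'(?:pid=(?P<pid>\d+) )?tid=(?P<tid>\S+) '
    r'file=(?P<file>[^:\s]+):(?P<func>[^:\s]+):(?P<line>\d+) \| (?P<msg>.*)', re.S)
HEC_FAIL = re.compile(
    r'Failed to post events to\s+HEC_URI=(?P<uri>\S+), '
    r'error_code=(?P<status>\d+), reason=(?P<reason>\{.*\})', re.S)

# First record is the error quoted in the post; the INFO record is constructed.
SAMPLE = """\
2017-12-21 15:10:06,109 ERROR pid=12312 tid=Thread-2 file=event_writer.py:write_events:268 | Failed to post events to
HEC_URI=https://127.0.0.1:8088/services/collector, error_code=400, reason={"text":"Invalid data format","code":6,"invalid-event-number":0}
2017-12-21 15:10:07,000 INFO pid=12312 tid=MainThread file=example.py:run:10 | constructed line, not from the post
"""


def records(text):
    """Yield one dict per log record, folding wrapped lines into the message."""
    buf = []
    for line in text.splitlines() + [None]:  # None flushes the last record
        if buf and (line is None or START.match(line)):
            m = RECORD.match(" ".join(buf))
            if m:
                yield m.groupdict()
            buf = []
        if line and line.strip():
            buf.append(line.strip())


def hec_failures(text):
    """Return HEC post failures with the HTTP status and decoded JSON reason."""
    out = []
    for rec in records(text):
        m = HEC_FAIL.search(rec["msg"])
        if not m:
            continue
        try:
            reason = json.loads(m["reason"])
        except ValueError:
            reason = {"text": m["reason"]}  # keep an undecodable reason verbatim
        out.append({"ts": rec["ts"], "uri": m["uri"],
                    "status": int(m["status"]), "reason": reason})
    return out


if __name__ == "__main__":
    for failure in hec_failures(SAMPLE):
        print(failure)
```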
We are also experiencing a problem with Google Cloud.
tid=MainThread file=ta_common.py:get_configs:111 | Data collection for google_cloud_monitor is not fully configured. Do nothing and quit the TA.