hi - we have installed Splunk Add-on for GCP and I just wanted to know, where does the data in cloud monitoring comes from? is it the same data in google:gcp:monitoring sourcetype ? does the data comes from Stackdriver ?
thanks!
From what I can tell, you need one service account with the correct permissions to authenticate to the project and you will also need to enable the various API endpoints in GCP that you wish Splunk to connect with and retrieve data.
It is my understanding that the google:gcp:monitoring data comes from these API endpoints. Other data input can be cloud storage (see the billing reports documentation of the splunk add-on) as well as cloud pubsub.
https://docs.splunk.com/Documentation/AddOns/released/GoogleCloud/Sourcetypes
@AzmathShaik you answer does not reflect here 🙂
thanks...I'm not that familiar with GCP so i'll ask if we create new input as cloud monitoring, do we need to have/create new service account , Pub/Sub subscription and sink?
I do not think you need to create a new service account and pubsub sink. You only need the pubsub sink if you're data is coming from pubsub and not cloud monitor. You only need one service account to authenticate to the project you're getting the data from.