Sure, I can help. First of all, can you help with: 1) can you confirm that audit logs / Pub/Sub are ingested with sourcetype "google:gcp:pubsub:message"? 2) can you confirm how you are ingesting logs, metrics and asset inventory? 3) have you set indexed extractions to use faster tstats searches?
Maybe worth looking at this app - https://splunkbase.splunk.com/app/5404/ It's a template with dashboards and reports that will help you start working with GCP logs.
Amazon Kinesis Firehose requires the HTTP Event Collector (HEC) endpoint to be terminated with a valid CA-signed certificate matching the DNS hostname used to connect to your HEC endpoint.
Note the requirements in the docs - "You must use a trusted CA-signed certificate. Self-signed certificates are not supported."
http://docs.splunk.com/Documentation/AddOns/released/Firehose/Hardwareandsoftwarerequirements
(You can use AWS Certificate Manager.)
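The two requirements in the answer above (CA-signed, and matching the DNS name Firehose connects to) are easy to verify before pointing a delivery stream at the HEC. The script below is an added example, not code from the thread or from Splunk or AWS: it checks a PEM certificate for the self-signed case (subject equals issuer) and for hostname coverage using openssl's own matching rules. The demo CA, the `hec.example.com` name and the generated certificates are constructed for the example; the `openssl` CLI must be installed.

```sh
#!/bin/sh
# Added example: check a PEM certificate against the Firehose HEC requirements
# quoted above. Not part of the original thread; requires the openssl CLI.

check_hec_cert() {
  cert="$1"; host="$2"
  subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
  issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
  # A self-signed certificate is its own issuer; Firehose rejects those outright.
  if [ "$subject" = "$issuer" ]; then
    echo "FAIL: $cert is self-signed (subject == issuer: $subject)"
    return 1
  fi
  # -checkhost applies the SAN (or CN fallback) rules a TLS client uses.
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
    echo "FAIL: $cert does not cover hostname $host"
    return 1
  fi
  echo "OK: $cert is issued by '$issuer' and covers $host"
  return 0
}

# Builds throwaway certificates so the check can be exercised offline:
# a self-signed cert and a leaf signed by a local demo CA (constructed, not real).
make_demo_certs() {
  dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=hec.example.com" \
    -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=hec.example.com" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
  printf 'subjectAltName=DNS:hec.example.com\n' > "$dir/leaf.ext"
  openssl x509 -req -days 1 -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -extfile "$dir/leaf.ext" -out "$dir/leaf.pem" 2>/dev/null
}

# Stand-alone usage: sh check_hec_cert.sh /path/to/hec.pem hec.example.com
if [ $# -eq 2 ]; then
  check_hec_cert "$1" "$2"
fi
```

To check the certificate a live HEC actually serves, save it first with `openssl s_client -connect hec.example.com:8088 -servername hec.example.com </dev/null | openssl x509 > hec.pem` and pass that file in. Note that "CA-signed" is not the same as "trusted": this script only rules out a self-signed leaf and a hostname mismatch; whether the chain reaches a root Firehose trusts is a separate check (`openssl verify -CAfile` against the intermediate bundle), which is why a certificate from AWS Certificate Manager or another public CA is the safe choice.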
If you edit the Lambda function code as follows:
Find
const SplunkLogger = require('./../../../../../splunk-cloudwatch-logs-processor/lib/mysplunklogger');
and replace with
const SplunkLogger = require('./lib/mysplunklogger');
I just tried this on a test instance and it worked.
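The reason the edit above works is that the original `require()` path climbs five directories above the handler and lands outside the deployment package, while `./lib/mysplunklogger` resolves inside it. The script below is an added example, not code from the thread or from the Splunk Lambda blueprint: it applies the same rewrite with `sed` and checks, the way Node's resolver would, that the required module actually exists next to the handler before you upload the package. The demo package layout (`index.js` plus `lib/mysplunklogger.js`) is constructed for the example.

```sh
#!/bin/sh
# Added example: apply the require() path fix from the post above and verify it.
# Not part of the original thread.

# Report whether a Node-style require() path resolves relative to the handler file
# (plain file, file plus .js, or directory index, which is what Node tries in turn).
require_resolves() {
  handler="$1"; req="$2"
  base=$(dirname "$handler")
  for candidate in "$base/$req" "$base/$req.js" "$base/$req/index.js"; do
    if [ -f "$candidate" ]; then
      echo "OK: $req -> $candidate"
      return 0
    fi
  done
  echo "MISSING: $req (relative to $handler)"
  return 1
}

# Pull the path out of the SplunkLogger require line so it can be checked.
extract_require() {
  sed -n "s/^const SplunkLogger = require('\([^']*\)');.*/\1/p" "$1"
}

# Rewrite any relative path ending in /lib/mysplunklogger to ./lib/mysplunklogger.
# sed -i.bak works on both GNU and BSD sed and leaves a backup of the original.
fix_require_path() {
  handler="$1"
  sed -i.bak "s#require('[^']*/lib/mysplunklogger')#require('./lib/mysplunklogger')#" "$handler"
}

# Constructed demo package with the broken require line from the thread.
make_demo_package() {
  dir="$1"
  mkdir -p "$dir/lib"
  printf "const SplunkLogger = require('./../../../../../splunk-cloudwatch-logs-processor/lib/mysplunklogger');\n" > "$dir/index.js"
  printf 'module.exports = {};\n' > "$dir/lib/mysplunklogger.js"
}

# Stand-alone usage: sh fix_require.sh /path/to/package/index.js
if [ $# -eq 1 ]; then
  fix_require_path "$1"
  require_resolves "$1" "$(extract_require "$1")"
fi
```

Run `require_resolves` before and after the fix on your own package: the original path should come back `MISSING`, the rewritten one `OK`, and the `.bak` file lets you diff exactly what changed before you zip and upload.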