Hi Splunkers,
We are streaming google app logs to splunk in distributed environment. We have G suite for Splunk app on SH and Input add-on on Heavy forwarder. I am seeing log drop on a particular day for about 2 hrs and then the logging has turned normal. Unable to identify the reason for the same.
Also the g suite application health dashboard shows the below error,
@alacercogitatus , could you please help me identify the cause for logs drop and how to fix these errors?
I'd need app name and version. "G Suite" is not supported. "Google Workspace" is. You can also shoot me an email at the listed https://splunkbase.splunk.com/app/5498/ and we can triage there. But I need the app and version first to correlate that line number. Thanks!
App and Version on SH: https://splunkbase.splunk.com/app/3791/ (1.4.2)
Input add-on on HF and version: https://splunkbase.splunk.com/app/3793/ (1.4.2)
Those aren't supported due to Python2 and "old sdk" from google. Please upgrade and see if you still get that drop. Thanks!
@alacercogitatus , the app or add-on version we have is the latest one I can see on splunk base(1.4.2) What surprises me is the logs have not stop completely but only for sometime. How can python or old sdk be the cause while it is working partially.