This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

GMAIL Log Ingestion

Posted 4 weeks ago
ion_
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

How are others ingesting Gmail logs into Chronicle?

We've been sending them directly to BQ and querying them there for months, but would love to have the data available in Chronicle. AFAIK we can't access the logs that are exported to BQ through an API, so the only option is to push them into BQ and then send them to chronicle from there. Is that correct?

I've seen mention of exporting from BQ to GCS and then using a direct feed, is that the best bet? I'm not familiar with this pattern and worried that i'll deal with deduplication. 

2 1 59
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
adam9
Staff
Reply posted on --/--/---- --:-- AM

If you have Workspace Enterprise, you can use the new direct Workspace integration to get Gmail logs. For more details, see https://cloud.google.com/chronicle/docs/ingestion/cloud/workspace-to-chronicle

Top Solution Authors
View all