Configure self storage in GCP

To configure a new self storage location in GCP, you must create a Google Cloud Storage (GCS) bucket in your GCP environment and configure the GCS bucket as a new self storage location in the Splunk Cloud Platform UI. For detailed information on how to create and manage GCS buckets, see the GCP documentation.

Create a GCS bucket in your GCP environment

When creating a GCS bucket, follow these important configuration guidelines:

CAUTION: Bucket configurations that deviate from these configuration guidelines can incur unintentional GCS charges and interfere with DDSS successfully uploading objects to your GCS bucket.
  • Region: You must provision your GCS buckets in the same GCP region as your Splunk Cloud Platform deployment. Your GCP region depends on your location. For more information, see Available regions.
  • Bucket lock/bucket retention policy: Do not set a retention policy for your GCS bucket. The bucket lock/bucket retention policy feature is not compatible with the GCS parallel composite upload feature DDSS uses to transfer files to GCS buckets and can interfere with data upload. For more information on parallel composite uploads, see https://cloud.google.com/storage/docs/parallel-composite-uploads.
  • Default storage class: Make sure to use the Standard default storage class when you create your GCS bucket. Using other default storage classes can incur unintentional GCS charges.
  • Permissions: You must configure permissions for the 2 GCP service accounts associated with your Splunk Cloud Platform deployment. These service accounts are shown under GCP service account in the New Self Storage Location modal when you configure a new self storage location in Splunk Web.

To configure permissions for the GCP service accounts, you must assign the following predefined GCP roles to the 2 GCP service accounts using the GCP console:

Storage Legacy Bucket Writer

Storage Legacy Object Reader

For more information on GCP roles, see IAM roles for Cloud Storage in the GCP documentation.

  • Naming: Your GCS bucket name must include the prefix that Splunk Cloud Platform provides and displays in the UI under the GCP bucket name field. The following image shows an example of this prefix. This prefix contains your Splunk Cloud Platform ID, which is the first part of your Splunk Cloud Platform URL, and a 4-character string. The complete GCS bucket name has the following syntax:

Splunk Cloud ID-{4-character string}-{your bucket name}

The image shows the New Self Storage Location modal, with an example of the URL prefix that you must include when naming a new GCS bucket.

Configure a self storage location for the GCS bucket

To configure your GCS bucket as a self storage location:

  1. In Splunk Web, select Settings > Indexes > New Index.
  2. Under Dynamic Data Storage, select the Self Storage radio button.
  3. Select Create a self storage location.
    The Dynamic Data Self Storage Locations page opens.
  4. Select New Self Storage Location.
    The New Self Storage Location modal opens.
  5. Give your new storage location a Title and a Description (optional).
  6. In the GCP bucket name field, enter the name of the GCS bucket you created.
  7. (Optional) In the GCP bucket folder field, enter the name of the GCS bucket folder.
  8. Under GCP service account, note the 2 service account strings. In your GCP console, make sure that each service account is assigned the proper GCP roles of Storage Legacy Bucket Writer and Storage Legacy Object Reader, as discussed under "permissions" in the previous section.
  9. Select Test.
    Splunk Cloud Platform writes a 0 KB test file to the root of your GCS bucket to verify that Splunk Cloud Platform has permissions to write to the bucket. A success message appears, and the Submit button is activated.
  10. Select Submit.