sboschman
commented
5 months ago PubSub topic in the same or a different project is up to you. Whatever fits your google setup.
The plugin though can only pull from a single subscription. So if you have multiple clusters in multiple projects (under the same organization) you can push logs from different projects/clusters to a single PubSub topic.
Depending on the audit log volume generated you can scale out the falco instances running the plugin (if e.g. one falco instance is unable to keep up).
From the docs:
Is this really needed or just a possibility - to do it in a separate project -?
Thanks!