search

srsplunk / idelta_addon_for_google_analytics

Ingest Google Analytics 4 (GA4) metrics in to Splunk
0 stars 0 forks source link
google google-analytics google-analytics-4 splunk splunk-addon

readme

iDelta Add-on for Google Analytics

The iDelta Add-on for Google Analytics uses the Google Analytics Data API (GA4) to fetch and ingest it into Splunk.

Update August 2024

The add-on is now available to download (or install directly) from splunkbase. Note that is has passed vetting for Splunk Cloud Victoria and Classic stacks.

Introduction

There have been various solutions over time to ingest Google Analytics data into Splunk but none had been kept up to date and there doesn't appear to be any that work with the relatively new GA4 platform. This add-on was built to bridge that gap.

The Add-on allows the user to create inputs where they specify the google analytics metric required (e.g. totalUsers) and the dimensions to split the data by.

In order to make the API call, a private key is required and it needs to be stored within the bin directory. For on-prem Splunk installations this should not present an issue but Splunk Cloud customers should give consider where to run the add-on and if the answer is "on Splunk Cloud" then discuss with Splunk support how to achieve this.

Pre-Requisites

Further details on these steps are listed below:

  1. A website integrated with Google Analytics (GA4)
  2. Private Key of a Google service account, with access to the GA4 data
  3. The Google Analytics property id of the website you want to retrieve data from
  4. An installation of this add-on, with Internet access
  5. A list of metrics and dimensions to retrieve

Setup

Google Analytics

The Google Analytics adminstrator should complete the following steps to generate a private key for use by the add-on:

  1. Follow Steps 1 and 2 from the API Quick Start
  2. Provide the credentials.json file to the Splunk Admin
  3. Also provide the Property ID of the site being monitored by Google Analytics - this is a 9 digit number, visible from the Admin section (gear icon bottom left) and then Property > Property Details

Note that instead of using the quick start method above you can manually create an OAuth client ID and then assign the permissions as per step 2 in the Quick Start. This provides more control but involves more steps.

Splunk Add-on Installation

To install the add-on, on the Splunk server that will host the add-on:

  1. In Splunk Web search for the add-on and install or download from splunkbase and install manually
  2. Place the credentials.json file, supplied by the Google Analytics administrator, into the following location (note that name change on the file): $SPLUNK_HOME/etc/apps/idelta_addon_for_splunk/bin/google_analytics_credentials.json
  3. Ensure the above file has appropriate ownership and permissions set (e.g. chown splunk.splunk, chmod 400)
  4. Restart the Splunk server (or reload, requires testing)

Note that this add-on has been built using the ucc framework, and the repository contents are orientated towards development - that is the reason that the add-on currently sits under a "package" directory.

Splunk Add-on Configuration

To configure the add-on:

  1. Optional: setup a new Splunk index for your data
  2. In the add-on:
    • Click on Configuration > Accounts then click Add
    • Enter a name for the account (e.g. which website is it for)
    • Enter the Google Analytics Property ID
  3. Select the Inputs tab:
    • Click Create New Input
    • Enter a name for the input (e.g. activeUsers_myWebSite)
    • Enter the Metric Names required (e.g. activeUsers)
    • Enter the Dimension Names (e.g. city, country, browser)
    • Enter a start date (e.g. yesterday)
    • Enter an end date (e.g. today)
    • Enter an interval in seconds (e.g. 86400)
    • Select the Account to Use (as setup in step 2 above)

Note that metric name, dimensions, start date and end date should use the same terms as specified in the Google API documentation, see startDate and endDate definitions