Skip to content

Prerequisites to retrieve logs from GCP to

When utilizing an Google integration with, the initial step involves centralizing your logs using Pub/Sub order to pull events. The following page will guide you through the process of setting up these prerequisites


Google Cloud Logging centralizes logs from Google Cloud products.

In this documentation, you will learn how to collect and send Google Cloud logs to SEKOIA.IO.


Before you begin working with PubSub, verify that you have the right permission.

Follow Google's documentation to configure a dedicated PubSub receiver. At the end of the documentation you should have done the following:

  • Setup a project
  • Create a topic
  • Add a subscription (you should have the role logging.admin explicitly set on your account; for more information, see associated documentation)
  • Try your setup by publishing a message to the topic

Next, create a dedicated service account. At the end of the documentation you should have done the following:

  • Create a service account with the role Pub/Sub Subscriber


To successfully activate the playbook further down this page, ensure the user has been granted the Pub/Sub Subscriber role for both the Topic and Subscription pages. Failure to do so will result in an error with status code 403.

  • Create and download JSON keys (service account credentials)

You should now have:

  • A credentials file
  • A project ID
  • A subscription ID

To pull events, you have to:

  1. Go to the playbooks' page
  2. Click on +New playbook to create a new playbook
  3. Select Use a template when creating a playbook
  4. Search for Google Cloud then select Forward Google Pubsub records to

This playbook consumes records from Google Pubsub and pushes them to

You can also create your own on the same basis by using the "Google Pub/Sub" trigger (Connect to the specified)

  • Use the JSON keys (service account credentials) information downloaded to complete the fields on the trigger

Fields description

Field Meaning
name Configuration name
auth_provider_x509_cert_url The URL of the public x509 certificate, used to verify the signature on JWTs, such as ID tokens, signed by the authentication provider.
auth_url Google authentification url
client_email Client email
client_id Client id
client_x509_cert_url The URL of the public x509 certificate, used to verify JWTs signed by the client
private_key Private key
private_key_id Private key id
project_id Project id
token_uri token server endpoint URI
type Activity type service_account

To start sending Logs to SEKOIA.IO, please create a Logs Router Sinks with an Inclusion Filter that fits your needs (Read the documentation dedicated to the product you want to monitor).

Last configuration on Google to setup is describe on each Intake.