Google Workspace

The gworkspace log type monitors Google Workspace log entries, such as the following:

Admin actions
Group and group membership actions
Events related to logins

The following code snippet contains all the raw_field and ecs mappings for this log type:

  "mappings": [
    {
      "raw_field":"eventSource",
      "ecs":"google_workspace.admin.service.name"
    },
    {
      "raw_field":"eventName",
      "ecs":"google_workspace.event.name"
    },
    {
      "raw_field":"new_value",
      "ecs":"google_workspace.admin.new_value"
    }
  ]

WAS THIS PAGE HELPFUL?

✔ Yes ✖ No

Tell us why

350 characters left

Have a question? Ask us on the OpenSearch forum.

Want to contribute? Edit this page or create an issue.

Google Workspace

OpenSearch Links

Get Involved

Resources

Contact Us