Ok, ı will try it in today. Thanx

Thanks Martin I did it. the issue was related to customer side, they made not exactly as the guide explained.

Thank you so much, we did it. However, when I am searchhing logs, I cannot see gmail logs in workspace activity. At Applications part(under customer id) of the feed pop-up I added login, access_transparency and drive. Is there anything else to add this part for ingesting different type of logs. I am asking that because of that when I am looking workspace activities list on(
https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-workspace-logs
) expressions are different. For instance, application name column shows Access Transparency but add feed page application part shows me application_transparency. So, this is a bit confusing me. How is the syntax of adding?

https://chronicle.security/blog/posts/security-analyst-diaries-4-detection-and-response-on-google-workspace-with-chronicle/



View files in slack

Hi, my customer currently stores all their workspace logs in BigQuery on Google Cloud Platform (GCP). They would like to forward all logs from BigQuery directly to Google’s Security Operations (SecOps) solutions. Is this possible? If so, what would be the best approach to achieve this? Also, could you point me to any relevant documentation for this process?
@cmmartin_google