GSuite Log Ingestion

Created by: chayim

Our Elastic subscription level includes xpack, which means we have support for ingesting gsuite logs. Ingesting these logs involves deploying filebeat somewhere within our security cluster, and configuring it to access gsuite.

https://www.elastic.co/guide/en/beats/filebeat/7.9/filebeat-module-gsuite.html

Done means that filebeat pods are deployed in our security project, alongside pubsubbeat. Gsuite logs appear in Elastic.