Google

GKE Audit Logs

Ingests Kubernetes audit logs from Google Kubernetes Engine (GKE) clusters via Cloud Logging. This connector automatically filters and collects audit events from your GKE cluster's control plane.

Sync Type: Incremental

Requirements

Before setting up the GKE Audit Logs input, you need to:

Have a Google Cloud Platform (GCP) account with access to a GKE cluster.
Have the GKE cluster with audit logging enabled:
- Admin Activity Logs (enabled by default)
- Data Access Logs (must be explicitly enabled if needed)
Create a GCP service account with the necessary permissions.
Generate a JSON key for the service account.

Enabling GKE Audit Logging

To ensure your GKE cluster is properly configured for audit log collection:

Verify Admin Activity Logs are enabled (default):
- Most GKE clusters have Admin Activity audit logging enabled by default
- This captures administrative actions like cluster creation, workload deployments, etc.
Enable Data Access Logs (if needed):
- Go to Google Cloud Console
- Navigate to "IAM & Admin" > "Audit Logs"
- Find the relevant services (e.g., Kubernetes Engine API)
- Enable "Data Access" logging if you need to audit read-only operations

Details

The GKE Audit Logs input wraps the Google Cloud Logs connector and automatically:

Filters logs to your specific GKE cluster using the cluster name and location
Enables proto payload parsing to properly decode Kubernetes audit log entries (AuditLog protobuf format)
Tracks state using the log entry timestamps to implement incremental synchronization
Only fetches logs created after the last successful sync

The connector translates your GKE configuration into a Cloud Logs filter that targets:

Resource type: k8s_cluster
Cluster name: your specified cluster name
Location: your cluster's region or zone

Incremental Sync

Monad tracks the timestamp of the last successfully processed audit log and only fetches newer events on subsequent runs.

Configuration

Settings

Setting	Type	Required	Description
Project ID	string	Yes	The GCP project ID that contains the GKE cluster.
Cluster Name	string	Yes	The name of the GKE cluster. Used to filter audit logs to this specific cluster.
Location	string	Yes	The GCP region or zone where the GKE cluster runs (e.g., `us-central1` or `us-central1-a`).

Secrets

Secret	Type	Required	Description
Credentials JSON	string	Yes	GCP service account JSON key with `roles/logging.viewer` on the project.

Setting up the Service Account

Go to the Google Cloud Console.
Select your project from the project dropdown at the top of the page.
Navigate to "IAM & Admin" > "Service Accounts".
Click "Create Service Account".
Enter a name for the service account (e.g., "gke-audit-logs") and click "Create".
Assign the following role to the service account:
- Logs Viewer (roles/logging.viewer)
Click "Continue" and then "Done".
Find the newly created service account in the list and click on it.
Go to the "Keys" tab and click "Add Key" > "Create new key".
Choose JSON as the key type and click "Create".
Save the downloaded JSON key file securely.

Setting up the Input

In the Monad UI, go to the "Inputs" section.
Click "Add Input" and select "GKE Audit Logs".
Configure the input settings:
- Project ID: Your GCP project ID (e.g., my-gcp-project)
- Cluster Name: The name of your GKE cluster (e.g., my-gke-cluster)
- Location: The region or zone where your cluster runs (e.g., us-central1 or us-central1-a)
In the "Secrets" section, paste the contents of your service account JSON key file.
Test the connection to verify everything is configured correctly.

Rate Limits

GKE Audit Logs are subject to Google Cloud Logging API rate limits. The exact limits depend on your GCP billing account tier.

Limit Type	Limit	Notes
Read requests per minute	Up to 60	Per project
Data ingestion	Unlimited	Logs are retained according to your sink configuration

For more information on Cloud Logging quotas, see Google Cloud Logging Quotas and Limits.

Last modified on May 19, 2026

Bigquery Cron Bigquery

Google

GKE Audit Logs

Ingests Kubernetes audit logs from Google Kubernetes Engine (GKE) clusters via Cloud Logging. This connector automatically filters and collects audit events from your GKE cluster's control plane.

Sync Type: Incremental

Requirements

Before setting up the GKE Audit Logs input, you need to:

Have a Google Cloud Platform (GCP) account with access to a GKE cluster.
Have the GKE cluster with audit logging enabled:
- Admin Activity Logs (enabled by default)
- Data Access Logs (must be explicitly enabled if needed)
Create a GCP service account with the necessary permissions.
Generate a JSON key for the service account.

Enabling GKE Audit Logging

To ensure your GKE cluster is properly configured for audit log collection:

Verify Admin Activity Logs are enabled (default):
- Most GKE clusters have Admin Activity audit logging enabled by default
- This captures administrative actions like cluster creation, workload deployments, etc.
Enable Data Access Logs (if needed):
- Go to Google Cloud Console
- Navigate to "IAM & Admin" > "Audit Logs"
- Find the relevant services (e.g., Kubernetes Engine API)
- Enable "Data Access" logging if you need to audit read-only operations

Details

The GKE Audit Logs input wraps the Google Cloud Logs connector and automatically:

Filters logs to your specific GKE cluster using the cluster name and location
Enables proto payload parsing to properly decode Kubernetes audit log entries (AuditLog protobuf format)
Tracks state using the log entry timestamps to implement incremental synchronization
Only fetches logs created after the last successful sync

The connector translates your GKE configuration into a Cloud Logs filter that targets:

Resource type: k8s_cluster
Cluster name: your specified cluster name
Location: your cluster's region or zone

Incremental Sync

Monad tracks the timestamp of the last successfully processed audit log and only fetches newer events on subsequent runs.

Configuration

Settings

Setting	Type	Required	Description
Project ID	string	Yes	The GCP project ID that contains the GKE cluster.
Cluster Name	string	Yes	The name of the GKE cluster. Used to filter audit logs to this specific cluster.
Location	string	Yes	The GCP region or zone where the GKE cluster runs (e.g., `us-central1` or `us-central1-a`).

Secrets

Secret	Type	Required	Description
Credentials JSON	string	Yes	GCP service account JSON key with `roles/logging.viewer` on the project.

Setting up the Service Account

Go to the Google Cloud Console.
Select your project from the project dropdown at the top of the page.
Navigate to "IAM & Admin" > "Service Accounts".
Click "Create Service Account".
Enter a name for the service account (e.g., "gke-audit-logs") and click "Create".
Assign the following role to the service account:
- Logs Viewer (roles/logging.viewer)
Click "Continue" and then "Done".
Find the newly created service account in the list and click on it.
Go to the "Keys" tab and click "Add Key" > "Create new key".
Choose JSON as the key type and click "Create".
Save the downloaded JSON key file securely.

Setting up the Input

In the Monad UI, go to the "Inputs" section.
Click "Add Input" and select "GKE Audit Logs".
Configure the input settings:
- Project ID: Your GCP project ID (e.g., my-gcp-project)
- Cluster Name: The name of your GKE cluster (e.g., my-gke-cluster)
- Location: The region or zone where your cluster runs (e.g., us-central1 or us-central1-a)
In the "Secrets" section, paste the contents of your service account JSON key file.
Test the connection to verify everything is configured correctly.

Rate Limits

GKE Audit Logs are subject to Google Cloud Logging API rate limits. The exact limits depend on your GCP billing account tier.

Limit Type	Limit	Notes
Read requests per minute	Up to 60	Per project
Data ingestion	Unlimited	Logs are retained according to your sink configuration

For more information on Cloud Logging quotas, see Google Cloud Logging Quotas and Limits.

Last modified on May 19, 2026

Bigquery Cron Bigquery

GKE Audit Logs

Requirements

Enabling GKE Audit Logging

Details

Incremental Sync

Configuration

Settings

Secrets

Setting up the Service Account

Setting up the Input

Rate Limits

Related Articles

GKE Audit Logs

Requirements

Enabling GKE Audit Logging

Details

Incremental Sync

Configuration

Settings

Secrets

Setting up the Service Account

Setting up the Input

Rate Limits

Related Articles