New GC Recipe gcp_logging_l2t_ts

data/recipes/gcp_logging_ts.json

@@ -24,15 +24,16 @@
         "start_time": null,
         "end_time": null
       }
-    },
-    {
+    },{
       "wants": ["GCPLogsCollector"],
-      "name": "GCPLoggingTimesketch",
-      "args": {}
-    },
-    {
+      "name": "LocalPlasoProcessor",
+      "args": {
+        "timezone": null,
+        "use_docker": "@use_docker"
+      }
+  },{
       "wants": [
-        "GCPLoggingTimesketch"
+        "LocalPlasoProcessor"
       ],
       "name": "TimesketchExporter",
       "args": {
@@ -52,6 +53,7 @@
     ["filter_expression", "Filter expression to use to query GCP logs. See https://cloud.google.com/logging/docs/view/query-library for examples.", "resource.type = 'gce_instance'"],
     ["--backoff", "If GCP Cloud Logging API query limits are exceeded, retry with an increased delay between each query to try complete the query at a slower rate.", false],
     ["--delay", "Number of seconds to wait between each GCP Cloud Logging query to avoid hitting API query limits", "0", {"format": "integer"}],
+    ["--use_docker", "True or False to use Docker version of Plaso, default: true", true],
     ["--analyzers", "Timesketch analyzers to run.", null],
     ["--sketch_id", "Timesketch sketch to which the timeline should be added.", null, {"format": "integer"}],
     ["--timesketch_endpoint", "Timesketch endpoint", "http://localhost:5000/"],