All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Add-On for Okta: How to troubleshoot error "Failed to get stanza Okta"?

bashpd
Engager
‎07-21-2016 09:40 AM

In a cloud instance of Splunk, I've tried to set up the Splunk Add-On for Okta by following the documentation (I've set up 1 data input for user metrics). When running a sourcetype=okta:imsearch, no results are returned, and when running the index=_internal source=*ta_okta* troubleshooting search, the following error messages are what stand out.

Failed to get stanza Okta - Users by data_input manager.

Failed to setup config for okta TA: Failed to get stanza Okta - Users by data_input manager.

What is the reason(s) for these errors, and what are the possible solutions? Again, this is a cloud instance.

Thank you.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rwang_splunk
Splunk Employee
Splunk Employee
‎07-21-2016 06:49 PM

Hi bashpd

  1. What version of Splunk add-on for Okta you are using?
  2. How did you configure you data input? via UI or inputs.conf? Try using UI to configure the inputs again and eliminate the space in your input name. let me know if it still doesn't work.

View solution in original post

Reply
Solved! Jump to solution
Solution

rwang_splunk
Splunk Employee
Splunk Employee
‎07-21-2016 06:49 PM

Hi bashpd

  1. What version of Splunk add-on for Okta you are using?
  2. How did you configure you data input? via UI or inputs.conf? Try using UI to configure the inputs again and eliminate the space in your input name. let me know if it still doesn't work.
Reply
Solved! Jump to solution

bashpd
Engager
‎07-22-2016 12:37 PM
  1. v1.1.0
  2. I've been configuring the data inputs via the UI. I've done what you've suggested with just user for the name, and this was for the preset user metrics data input. Running sourcetype=okta:im found no results, but running the troubleshooting search, index=_internal source=*ta_okta* returned no errors.

I then tried adding event metrics data input using simply events as the name, ran the troubleshooting search once more, and that seems to have fixed it. Returned back with 10k records. Thank you!

Now I've got to set up the dashboard to show all the Okta related content. You wouldn't happen to have any insight into how to go about that, or better yet, directions to some documentation for creating a dashboard with predefined panels. Simply creating a new dashboard, and adding the Okta predefined panels doesn't seem to pull any data. Getting no results found.

EDIT:

I didn't realise I had put the inputs into a non-default index called okta. Running index="okta" sourcetypey=okta:im returned results. Now I'll figure out how to adjust the panels to reference the Okta index, and all should be right in the world.

EDIT EDIT:

Got it now. Needed to convert the prebuilt panels into inline search panel then adjust the search string by amending it with index="okta" at the start of the line, and it's now pulling in data.

Thanks a lot!

Reply
Solved! Jump to solution

rwang_splunk
Splunk Employee
Splunk Employee
‎07-26-2016 12:16 AM

I'm glad it's working.
Renee

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...