- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Okta App not working
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okta App not working
HI,
I am trying to use the Okta App for Splunk with the latest Splunk release. Installed test instance this week.
When I restart Splunk and trace Okta, I always get the following errors
WARN DateParserVerbose - Accepted time (Mon Feb 03 01:40:27 2014) is suspiciously far away from the previous event's time (Tue Feb 04 05:16:47 2014), but still accepted because it was extracted by the same pattern. Context: source::C:\Program Files\Splunk/etc/apps/okta/bin/okta.py|host::swglog01|exec|0
2014-02-19 18:11:54.383000 app=okta event_id=okta.api.user.start severity=informational subject="Requesting User Object with limit 1000" Traceback (most recent call last): File "C:\Program Files\Splunk\etc\apps\okta\bin\oktausr.py", line 54, in
In my Okta index there is no data 😞
Any idea what I am missing?
Thanks
Florian
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Florian,
I released a new version of this yesterday -- can you please let me know if this resolves your issue? Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I configured the app but i am receiving only below in the logs:
2015-02-09 21:03:56.167978 app=okta event_id=okta.api.query.complete severity=informational subject="Closing with timestamp 2015-02-20T12:00:00.000Z"
2015-02-09 21:03:55.756511 app=okta event_id=okta.api.query.start severity=informational subject="Requesting API at offset 2015-02-20T12:00:00.000Z"
There is no other data and all dashboards are not working.. Here is the config
[default]
uri =
auth = SSWS
[okta]
endpoint = /api/v1/events
limit = 1000
startdate = 2015-02-20T12:00:00.000Z
[okta_user]
endpoint = /api/v1/users
limit = 2000
Scripts and buildlookup are enabled.
Any Insight on this?
Thanks
Hemendra
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
URI and API token is also configured but somehow missed above while editing.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Finally it seems to be an issue with the browser I used - when using Internet Explorer all is fine!!
Chrome and Firefox raise an error...
Furthermore we had to look through all scripts as they were not interpreted correctly on Windows...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Florian - I'm having the same issue.
What's weird is that the latest release of 1.1.0 claims to have fixed this bug:
Corrected a key mismatch causing events to log in raw JSON
Makes me think the wrong script was uploaded?
I emailed the author directly, no response yet. I'll let you know!
Get the T-shirt to Prove You Survived Splunk University Bootcamp
Introducing the Splunk Community Dashboard Challenge!
Wondering How to Build Resiliency in the Cloud?
