I've got some problems with refreshing the access token of the Splunk add-on for Box. I don't know if this should normally be done by the add-on?
So every hour my connection to Box fails and I have to restart Splunk manually to get it working again. My goal is to monitor Box 24/7.
Currently, as a workaround, I'm trying to search for errors in the logs and restart Splunk with a script, but even this is not working. As far as I can see, the add-on stops writing to the logs, and that's why my alert searching for terms like "error, refresh token" is not triggered.
I have had no response in these server logs for 4 hours. Sometimes it works overnight. Sometimes not.
Any help is appreciated!
Regards
index="_internal" source="/opt/splunk/var/log/splunk/ta_box.log" error
2016-01-22 10:37:26,760 ERROR 140673298708224 - Failed to connect https://api.box.com/2.0/events?stream_type=admin_logs&limit=500&stream_position=1453446926495;7f7aac36-5e11-488f-b343-9b24eda9e381&created_after=2016-01-22T07:58:05-00:00&created_before=2016-01-22T09:37:26-00:00, reason=Unauthorized,
2016-01-22 10:37:22,299 ERROR 140673307100928 - Failed to connect https://api.box.com/2.0/folders/0/items?limit=500&offset=0&fields=type,id,name,size,sequence_id,etag,item_status,permissions,created_at,modified_at,has_collaborations,can_non_owners_invite,tags,created_by,modified_by,parent, reason=Unauthorized,
2016-01-22 10:36:57,317 ERROR 140673315493632 - Failed to connect https://api.box.com/2.0/events?stream_type=admin_logs&limit=500&stream_position=1453446926495;7f7aac36-5e11-488f-b343-9b24eda9e381&created_after=2016-01-22T07:58:05-00:00&created_before=2016-01-22T09:36:56-00:00, reason=Unauthorized,
2016-01-22 10:36:50,362 ERROR 140673323886336 - Failed to connect https://api.box.com/2.0/groups?limit=500&offset=0, reason=Unauthorized,
index="_internal" source="/opt/splunk/var/log/splunk/ta_box.log" token
2016-01-22 10:37:27,119 INFO 140673298708224 - End of refreshing access token.
2016-01-22 10:37:26,760 INFO 140673298708224 - Access token has been expired, refreshing
2016-01-22 10:37:22,300 INFO 140673307100928 - Access token has been expired, refreshing
2016-01-22 10:36:57,318 INFO 140673315493632 - Access token has been expired, refreshing
2016-01-22 10:36:50,362 INFO 140673323886336 - Access token has been expired, refreshing
2016-01-22 10:36:49,102 INFO 140673332279040 - End of refreshing access token.
2016-01-22 10:36:48,361 INFO 140673332279040 - Access token has been expired, refreshing
2016-01-22 08:57:37,868 INFO 140442830190336 - Access token has been expired, refreshing
My alerts are working... sometimes
source = /opt/splunk/var/log/splunk/python.log
2016-01-22 10:37:27,376 +0100 INFO runshellscript:188 - runshellscript: ['/bin/bash', '/opt/splunk/bin/scripts/restarttest', '1', 'index="_internal" source="/opt/splunk/var/log/splunk/ta_box.log" token', 'index="_internal" source="/opt/splunk/var/log/splunk/ta_box.log" token', 'error access token refresh', 'Saved Search [error access token refresh] always(1)', 'https://newbox:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__RMD563f61171f01b63e4_at_1453455387_1.0%20%7C%20head%201%20%7C%20tail%201&earliest=0&latest=now', '', '/opt/splunk/var/run/splunk/dispatch/rt_scheduler__admin__search__RMD563f61171f01b63e4_at_1453455387_1.0/per_result_alert/tmp_0.csv.gz']
2016-01-22 10:37:27,375 +0100 INFO runshellscript:129 - ['/opt/splunk/bin/scripts/restarttest', '1', 'index="_internal" source="/opt/splunk/var/log/splunk/ta_box.log" token', 'index="_internal" source="/opt/splunk/var/log/splunk/ta_box.log" token', 'error access token refresh', 'Saved Search [error access token refresh] always(1)', 'https://newbox:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__RMD563f61171f01b63e4_at_1453455387_1.0%20%7C%20head%201%20%7C%20tail%201&earliest=0&latest=now', '', '/opt/splunk/var/run/splunk/dispatch/rt_scheduler__admin__search__RMD563f61171f01b63e4_at_1453455387_1.0/per_result_alert/tmp_0.csv.gz']
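
Added example, not part of the original post and not the add-on's own code: a Python check that pairs each "Access token has been expired, refreshing" line in ta_box.log with a later "End of refreshing access token." on the same thread id, and separately flags the log going quiet, which an alert on error keywords cannot see. The sample lines are copied from the excerpt above; the function names and the 90-minute silence threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Token-related lines copied from the ta_box.log excerpt in the post.
SAMPLE = """\
2016-01-22 10:37:27,119 INFO 140673298708224 - End of refreshing access token.
2016-01-22 10:37:26,760 INFO 140673298708224 - Access token has been expired, refreshing
2016-01-22 10:37:22,300 INFO 140673307100928 - Access token has been expired, refreshing
2016-01-22 10:36:57,318 INFO 140673315493632 - Access token has been expired, refreshing
2016-01-22 10:36:50,362 INFO 140673323886336 - Access token has been expired, refreshing
2016-01-22 10:36:49,102 INFO 140673332279040 - End of refreshing access token.
2016-01-22 10:36:48,361 INFO 140673332279040 - Access token has been expired, refreshing
2016-01-22 08:57:37,868 INFO 140442830190336 - Access token has been expired, refreshing
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(\d{3}) (\w+) (\d+) - (.*)$")
START = "Access token has been expired, refreshing"
END = "End of refreshing access token"

def parse(text):
    """Return (timestamp, level, thread_id, message) tuples, oldest first."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything not in the expected layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ts += timedelta(milliseconds=int(m.group(2)))
        events.append((ts, m.group(3), m.group(4), m.group(5)))
    return sorted(events, key=lambda e: e[0])

def unfinished_refreshes(events):
    """Map thread id -> start time for refreshes with no later completion line."""
    pending = {}
    for ts, _level, thread, msg in events:
        if msg.startswith(START):
            pending[thread] = ts
        elif msg.startswith(END):
            pending.pop(thread, None)
    return pending

def is_silent(events, now, max_gap=timedelta(minutes=90)):
    """True when the newest log line is older than max_gap (assumed threshold)."""
    return not events or now - events[-1][0] > max_gap

if __name__ == "__main__":
    ev = parse(SAMPLE)
    for thread, ts in sorted(unfinished_refreshes(ev).items(), key=lambda kv: kv[1]):
        print(f"thread {thread}: refresh started {ts}, no completion logged")
    print("log silent:", is_silent(ev, datetime(2016, 1, 22, 14, 37)))
```

A scheduled job that calls `is_silent` against the live file keeps working when the add-on has stopped logging, because it alerts on the absence of lines rather than on their content.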