I've installed the Okta Identity Cloud Add-on for Splunk. There was an attempt to configure it a while ago but wasn't tested much. When looking at it again I noticed that there was a 401 Unauthorized error when trying to make the API request. I had the admin create a new token and I configured the token and input in the app. I don't see any errors in the logs, in the app log it does show the message "No logs returned". I know there were both failed and successful attempts to log in to that Okta. Is there anything else I can check on the Splunk or Okta side? 2021-04-02 14:44:05,498 INFO pid=7784 tid=MainThread file=splunk_rest_client.py:_request_handler:105 | Use HTTP connection pooling
2021-04-02 14:44:05,541 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: log_limit
2021-04-02 14:44:05,569 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: log_limit
2021-04-02 14:44:05,582 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_collectLogs sees an existing next link value of: https://[redacted].oktapreview.com/api/v1/logs, picking up from there
2021-04-02 14:44:05,602 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: max_log_batch
2021-04-02 14:44:05,602 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: skip_empty_pages
2021-04-02 14:44:05,602 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: http_request_timeout
2021-04-02 14:44:05,602 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: allow_proxy
2021-04-02 14:44:05,602 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: bypass_verify_ssl_certs
2021-04-02 14:44:05,603 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: custom_ca_cert_bundle_path
2021-04-02 14:44:05,603 INFO pid=7784 tid=MainThread file=setup_util.py:log_info:117 | Customized key can not be found
2021-04-02 14:44:05,603 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | Use of the proxy has been enabled through explicit definition of allow_proxy
2021-04-02 14:44:05,603 INFO pid=7784 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!
2021-04-02 14:44:05,821 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_okta_caller n_val does not match our valid pattern with 0 results, store the current URL: https://[redacted].oktapreview.com/api/v1/logs
2021-04-02 14:44:05,822 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_okta_caller we will now stash n_val with: https://[redacted].oktapreview.com/api/v1/logs
2021-04-02 14:44:05,842 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=Zero logs returned
... View more