Re: Box App for Splunk: After following instructio...

rmorlen · ‎08-24-2015

I am trying to use the Box App for Splunk. I have followed the instructions and configured the app. Nothing is coming in and I see a 403 forbidden error using the box.py script.

Any help would be appreciated.

Thanks,
Randy

kskujawa · ‎04-01-2016

"First install TA_BOX_APP from splunk and configure with box details and restart the server" -- what details, I tried using the oauth info from the Box app install, looks like authentication works, but I am still getting the 400 errors. 04-01-2016 12:24:59.306 -0500 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\BoxAppForSplunk\bin\box.py"" HTTP Request error: 400 Client Error: Bad Request

This used to work prior to upgrading to 6.3 (and the Box app is not rated for 6.3, so I'm not too surprised.)

Venkat_16 · ‎01-27-2016

Here is the way i configured it:
1. First install TA_BOX_APP from splunk and configure with box details and restart the server
2. Then download Box app for Splunk, configure and then restart
3. Go to backend of Splunk server and make thease below changes:
change no 1: Comment off the streaming_request = 0 in the Splunk/etc/apps/BoxAppForSplunk/default/inputs.conf
change no 2: create a new index in the indexes.conf file in Box app for splunk
change no 3: edit the degault file in inputs.conf of TA_BOX app and replace "disabled=true" as "false" also add the new index below each of the input stanza, like below:

[box_service://events]
rest_endpoint = events
duration = 30
disabled = false
index =

change no 4: update the Splunk/etc/apps/BoxAppForSplunk/default/inputs.conf file with new index which we have created.

Then hit a restart and it will work like charm

tmcerlean · ‎09-14-2015

Getting the same issue - Invalid key in stanza [box://myboxinput] in /Applications/Splunk/etc/apps/BoxAppForSplunk/default/inputs.conf, line 2: streaming_request (value: 0)

atg · ‎08-24-2015

I see the exact same issue as the OP and have not been able to resolve either - I've been looking at it for a couple of weeks now. Box support portal say that the App is not officially supported, so no help there either. A couple of items I've found while troubleshooting :

1) If you stop/start splunk from the command line, you'll see an error message for myboxinput that says the following : Invalid key in stanza [box://myboxinput] in D:\Program Files\Splunk\etc\apps\BoxAppForSplunk\default\inputs.conf, line 2: streaming_request (value: 0)

I tried removing the line in question, which made the error go away after restarting Splunk; however, no data was collected so this did not fix the problem. I don't know exactly what that line does so maybe it's the source of the issue.

2) Running the following search (index=_internal box component=ExecProcessor) reveals the following logs : ERROR ExecProcessor - message from "python "D:\Program Files\Splunk\etc\apps\BoxAppForSplunk\bin\box.py"" HTTP Request error: 400 Client Error: Bad Request

I've looked through the inputs.conf file (SPLUNK_HOME\Program Files\Splunk\etc\apps\BoxAppForSplunk\default) and see all of the values, but they all look correctly with respect to the URLs (ie. https://api.box.com/2.0/events)

The install guide is pretty straightforward, and I know the actual BOX login is working since I get a notification from Box that a login has occurred.

Has anyone else gotten the Box App working?

Box App for Splunk: After following instructions to configure the app, why is nothing coming in and getting a 403 forbidden error using the box.py script?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)