All Apps and Add-ons

Box App for Splunk: After following instructions to configure the app, why is nothing coming in and getting a 403 forbidden error using the box.py script?

rmorlen
Splunk Employee
Splunk Employee

I am trying to use the Box App for Splunk. I have followed the instructions and configured the app. Nothing is coming in and I see a 403 forbidden error using the box.py script.

Any help would be appreciated.

Thanks,
Randy

0 Karma

kskujawa
Explorer

"First install TA_BOX_APP from splunk and configure with box details and restart the server" -- what details, I tried using the oauth info from the Box app install, looks like authentication works, but I am still getting the 400 errors. 04-01-2016 12:24:59.306 -0500 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\BoxAppForSplunk\bin\box.py"" HTTP Request error: 400 Client Error: Bad Request

This used to work prior to upgrading to 6.3 (and the Box app is not rated for 6.3, so I'm not too surprised.)

0 Karma

Venkat_16
Contributor

Here is the way i configured it:
1. First install TA_BOX_APP from splunk and configure with box details and restart the server
2. Then download Box app for Splunk, configure and then restart
3. Go to backend of Splunk server and make thease below changes:
change no 1: Comment off the streaming_request = 0 in the Splunk/etc/apps/BoxAppForSplunk/default/inputs.conf
change no 2: create a new index in the indexes.conf file in Box app for splunk
change no 3: edit the degault file in inputs.conf of TA_BOX app and replace "disabled=true" as "false" also add the new index below each of the input stanza, like below:

[box_service://events]
rest_endpoint = events
duration = 30
disabled = false
index =

change no 4: update the Splunk/etc/apps/BoxAppForSplunk/default/inputs.conf file with new index which we have created.

Then hit a restart and it will work like charm

0 Karma

tmcerlean
Engager

Getting the same issue - Invalid key in stanza [box://myboxinput] in /Applications/Splunk/etc/apps/BoxAppForSplunk/default/inputs.conf, line 2: streaming_request (value: 0)

0 Karma

atg
New Member

I see the exact same issue as the OP and have not been able to resolve either - I've been looking at it for a couple of weeks now. Box support portal say that the App is not officially supported, so no help there either. A couple of items I've found while troubleshooting :

1) If you stop/start splunk from the command line, you'll see an error message for myboxinput that says the following : Invalid key in stanza [box://myboxinput] in D:\Program Files\Splunk\etc\apps\BoxAppForSplunk\default\inputs.conf, line 2: streaming_request (value: 0)

I tried removing the line in question, which made the error go away after restarting Splunk; however, no data was collected so this did not fix the problem. I don't know exactly what that line does so maybe it's the source of the issue.

2) Running the following search (index=_internal box component=ExecProcessor) reveals the following logs : ERROR ExecProcessor - message from "python "D:\Program Files\Splunk\etc\apps\BoxAppForSplunk\bin\box.py"" HTTP Request error: 400 Client Error: Bad Request

I've looked through the inputs.conf file (SPLUNK_HOME\Program Files\Splunk\etc\apps\BoxAppForSplunk\default) and see all of the values, but they all look correctly with respect to the URLs (ie. https://api.box.com/2.0/events)

The install guide is pretty straightforward, and I know the actual BOX login is working since I get a notification from Box that a login has occurred.

Has anyone else gotten the Box App working?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...