Box App for Splunk: After following instructions to configure the app, why is nothing coming in and getting a 403 forbidden error using the box.py script?

rmorlen
Splunk Employee
I am trying to use the Box App for Splunk. I have followed the instructions and configured the app. Nothing is coming in and I see a 403 forbidden error using the box.py script.

Any help would be appreciated.

Thanks,
Randy

0 Karma

kskujawa
Explorer

"First install TA_BOX_APP from splunk and configure with box details and restart the server" -- what details? I tried using the OAuth info from the Box app install, looks like authentication works, but I am still getting the 400 errors.

04-01-2016 12:24:59.306 -0500 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\BoxAppForSplunk\bin\box.py"" HTTP Request error: 400 Client Error: Bad Request

This used to work prior to upgrading to 6.3 (and the Box app is not rated for 6.3, so I'm not too surprised.)

0 Karma

Venkat_16
Contributor

Here is the way I configured it:
1. First install TA_BOX_APP from Splunk, configure it with the Box details and restart the server
2. Then download Box App for Splunk, configure it and then restart
3. Go to the backend of the Splunk server and make the changes below:
change no 1: Comment out the streaming_request = 0 in the Splunk/etc/apps/BoxAppForSplunk/default/inputs.conf
change no 2: create a new index in the indexes.conf file in Box App for Splunk
change no 3: edit the default inputs.conf file of TA_BOX app and replace "disabled=true" with "false"; also add the new index below each of the input stanzas, like below:

[box_service://events]
rest_endpoint = events
duration = 30
disabled = false
index =

change no 4: update the Splunk/etc/apps/BoxAppForSplunk/default/inputs.conf file with the new index which we have created.

Then hit a restart and it will work like a charm

0 Karma
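
An added example, not part of the post above or of either app: a small Python check over the text of an inputs.conf that flags the three things the steps above touch (a `streaming_request` key, `disabled` left true, no `index` set). The sample file, the `box_service://example_ok` stanza and the index name `box_placeholder` are constructed for illustration.

```python
import configparser

# Constructed sample modelled on the stanzas quoted in this thread.
# "example_ok" and "box_placeholder" are placeholders, not values from the thread.
SAMPLE_INPUTS_CONF = """\
[box://myboxinput]
streaming_request = 0

[box_service://events]
rest_endpoint = events
duration = 30
disabled = true
index =

[box_service://example_ok]
rest_endpoint = events
disabled = false
index = box_placeholder
"""

def check_inputs_conf(text):
    """Return {stanza: [problems]} for the settings the steps above change."""
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = str  # keep key names exactly as written
    parser.read_string(text)
    findings = {}
    for stanza in parser.sections():
        opts = dict(parser.items(stanza))
        problems = []
        # Change 1: the key splunkd reports as invalid at startup.
        if "streaming_request" in opts:
            problems.append("streaming_request is set")
        # Change 3: the input must not be left disabled.
        if opts.get("disabled", "").strip().lower() in ("true", "1"):
            problems.append("input is disabled")
        # Changes 3 and 4: every input stanza should name the new index.
        if not opts.get("index", "").strip():
            problems.append("no index set")
        if problems:
            findings[stanza] = problems
    return findings

if __name__ == "__main__":
    for stanza, problems in check_inputs_conf(SAMPLE_INPUTS_CONF).items():
        print(f"[{stanza}] " + "; ".join(problems))
```

To check a real file, pass the contents of the app's inputs.conf to `check_inputs_conf` instead of the sample.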

tmcerlean
Engager

Getting the same issue - Invalid key in stanza [box://myboxinput] in /Applications/Splunk/etc/apps/BoxAppForSplunk/default/inputs.conf, line 2: streaming_request (value: 0)

0 Karma

atg
New Member

I see the exact same issue as the OP and have not been able to resolve it either - I've been looking at it for a couple of weeks now. Box support portal says that the App is not officially supported, so no help there either. A couple of items I've found while troubleshooting:

1) If you stop/start Splunk from the command line, you'll see an error message for myboxinput that says the following: Invalid key in stanza [box://myboxinput] in D:\Program Files\Splunk\etc\apps\BoxAppForSplunk\default\inputs.conf, line 2: streaming_request (value: 0)

I tried removing the line in question, which made the error go away after restarting Splunk; however, no data was collected so this did not fix the problem. I don't know exactly what that line does so maybe it's the source of the issue.

2) Running the following search (index=_internal box component=ExecProcessor) reveals the following logs: ERROR ExecProcessor - message from "python "D:\Program Files\Splunk\etc\apps\BoxAppForSplunk\bin\box.py"" HTTP Request error: 400 Client Error: Bad Request

I've looked through the inputs.conf file (SPLUNK_HOME\Program Files\Splunk\etc\apps\BoxAppForSplunk\default) and see all of the values, but they all look correct with respect to the URLs (i.e. https://api.box.com/2.0/events)

The install guide is pretty straightforward, and I know the actual BOX login is working since I get a notification from Box that a login has occurred.

Has anyone else gotten the Box App working?

0 Karma