I am running into an issue where the Box App for Splunk fails to re-authorize after initial access token expires. It works for a number of hours, until I see the following error message in logs:
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/BoxAppForSplunk/bin/box.py" HTTP Request error: 401 Client Error: Unauthorized
The initial auth/grant access is done with admin-level account.
Do I need to create a 'service' account under developer's console?