All Apps and Add-ons

Crowdstrike Falcon Event Streams TA add account option does not have API key, just username password

reswob10
Explorer

I installed the Crowdstrike Falcon Event Streams TA on my all-in-one Splunk after creating the API key on my Crowdstrike instance per the instructions in the add on guide.  But when I went to the app, then to configuration, then account, and from there clicked the 'Add' button to add an account, the input fields are 'Account Name', 'Username', and 'Password'.  Not, as the guide says, 'Account name', 'ClientID', and 'Secret'.

I have not found anything so far to switch from username/password to clientid/secret.  What am I missing?

Thanks

Labels (1)
Tags (2)
0 Karma
1 Solution

VatsalJagani
SplunkTrust
SplunkTrust

@reswob10 - I know that sounds funny, but add ClientID in place of username and ClientSecret in place of password.

I have done some code analysis for you to figure out that:

VatsalJagani_0-1651394403913.png

 

I hope this helps!!! Upvote/karma would be appreciated!!!

View solution in original post

reswob10
Explorer

That did work.  Thanks.   

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

@reswob10 - I know that sounds funny, but add ClientID in place of username and ClientSecret in place of password.

I have done some code analysis for you to figure out that:

VatsalJagani_0-1651394403913.png

 

I hope this helps!!! Upvote/karma would be appreciated!!!

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...