Not receiving any logs from Okta

roberteves
Explorer

I've installed the Okta Identity Cloud Add-on for Splunk. There was an attempt to configure it a while ago, but it wasn't tested much. When looking at it again I noticed that there was a 401 Unauthorized error when trying to make the API request. I had the admin create a new token and I configured the token and input in the app. I don't see any errors in the logs; in the app log it does show the message "No logs returned". I know there were both failed and successful attempts to log in to that Okta. Is there anything else I can check on the Splunk or Okta side?


2021-04-02 14:44:05,498 INFO pid=7784 tid=MainThread file=splunk_rest_client.py:_request_handler:105 | Use HTTP connection pooling
2021-04-02 14:44:05,541 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: log_limit
2021-04-02 14:44:05,569 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: log_limit
2021-04-02 14:44:05,582 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_collectLogs sees an existing next link value of: https://[redacted].oktapreview.com/api/v1/logs, picking up from there
2021-04-02 14:44:05,602 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: max_log_batch
2021-04-02 14:44:05,602 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: skip_empty_pages
2021-04-02 14:44:05,602 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: http_request_timeout
2021-04-02 14:44:05,602 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: allow_proxy
2021-04-02 14:44:05,602 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: bypass_verify_ssl_certs
2021-04-02 14:44:05,603 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_getSetting is looking for values for: custom_ca_cert_bundle_path
2021-04-02 14:44:05,603 INFO pid=7784 tid=MainThread file=setup_util.py:log_info:117 | Customized key can not be found
2021-04-02 14:44:05,603 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | Use of the proxy has been enabled through explicit definition of allow_proxy
2021-04-02 14:44:05,603 INFO pid=7784 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!
2021-04-02 14:44:05,821 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_okta_caller n_val does not match our valid pattern with 0 results, store the current URL: https://[redacted].oktapreview.com/api/v1/logs
2021-04-02 14:44:05,822 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_okta_caller we will now stash n_val with: https://[redacted].oktapreview.com/api/v1/logs
2021-04-02 14:44:05,842 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=Zero logs returned


0 Karma
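
An added example, not part of the original post or the add-on's own code: a small Python script that summarizes each run in the add-on log excerpt above, reporting which next-link URL the run resumed from, which one it stored, whether any events came back, and whether any WARNING/ERROR lines were logged. The function name `summarize`, the result field names, and the grouping of one run per pid are assumptions made for illustration.

```python
import re
from collections import OrderedDict

# Sample lines copied from the log excerpt in the post above.
SAMPLE = """\
2021-04-02 14:44:05,582 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_collectLogs sees an existing next link value of: https://[redacted].oktapreview.com/api/v1/logs, picking up from there
2021-04-02 14:44:05,822 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_okta_caller we will now stash n_val with: https://[redacted].oktapreview.com/api/v1/logs
2021-04-02 14:44:05,842 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=Zero logs returned
"""

# Line layout as seen in the excerpt: timestamp, level, pid, tid, file, then the message body.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<level>[A-Z]+) "
    r"pid=(?P<pid>\d+) tid=\S+ file=\S+ \| (?P<body>.*)$")
RESUME = re.compile(r"existing next link value of: (\S+), picking up")
STASH = re.compile(r"stash n_val with: (\S+)")


def summarize(text):
    """Group log lines by pid (assumed: one input run per pid) and summarize each run."""
    runs = OrderedDict()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or a line in another format
        run = runs.setdefault(m["pid"], {
            "start": m["ts"], "levels": set(), "resume_url": None,
            "stored_url": None, "zero_logs": False})
        run["levels"].add(m["level"])
        msg = m["body"].split("message=", 1)[-1]
        if RESUME.search(msg):
            run["resume_url"] = RESUME.search(msg).group(1)
        elif STASH.search(msg):
            run["stored_url"] = STASH.search(msg).group(1)
        elif "Zero logs returned" in msg:
            run["zero_logs"] = True
    for run in runs.values():
        # True when the run stored the same link it started from.
        run["cursor_unchanged"] = (run["resume_url"] is not None
                                   and run["resume_url"] == run["stored_url"])
        # True when the stored link carries any query string at all.
        run["stored_has_query"] = "?" in (run["stored_url"] or "")
        run["errors"] = bool(run["levels"] & {"WARNING", "ERROR", "CRITICAL"})
    return runs


if __name__ == "__main__":
    for pid, run in summarize(SAMPLE).items():
        print(pid, {k: v for k, v in run.items() if k != "levels"})
```

Running it over the full add-on log rather than this excerpt shows whether every run looks the same or whether the stored link ever changes between runs.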

ttovarzoll
Path Finder

Did you recreate the Input(s) in the Okta TA? It's simple enough to configure, I would do that just to ensure there wasn't something borked in the original Input, i.e., after the original token failed.

Also, for what user-account is the new token? Currently, I'm using my own admin-equiv Okta user but I'm trying to recreate it with a 'service-account' with only the required log-access permissions. The "no logs found" might be a misleading error if the token is for a user without log-access?

0 Karma

thambisetty
SplunkTrust
2021-04-02 14:44:05,821 INFO pid=7784 tid=MainThread file=base_modinput.py:log_info:295 | metric=log | message=_okta_caller n_val does not match our valid pattern with 0 results, store the current URL: https://[redacted].oktapreview.com/api/v1/logs
————————————
If this helps, give a like below.
0 Karma

roberteves
Explorer

Do you know what that means? Is it some configuration for logging on the server side or in the Okta app on the Splunk server?

0 Karma