I have requested access to the Okta API and tested it with curl, which works. Then I set up the Splunk App for Okta according to the documentation, but it does not pull in any data. Any help would be greatly appreciated!
In reviewing the Splunk 6.1.3 release notes, under the Windows-Specific issues it states:
If you create a scripted input and use a full pathname as part of the stanza name (for example, C:\Program Splunk Enterprise fails to run the script and logs the error Error: Incorrect path to script, even if the script is in the proper directory. To work around the problem, use $SPLUNK_HOME instead of the full pathname. (SPL-82411, SPL-82897)
Following this example, I used 7-zip to open the gzipped tarball that is the install file for the Splunk app and modified the inputs.conf file located at okta/defaults/inputs.conf.
Changed the two script lines (1 and 8) from *[script://./bin/okta.py]* to
*[script://$SPLUNK_HOME\etc\apps\okta\bin\okta.py]* and *[script://./bin/oktausr.py]* to
*[script://$SPLUNK_HOME\etc\apps\okta\bin\oktausr.py]* respectively (those are the default directories).
Used 7zip to add the okta directory to a tar archive, then gzipped it. Changing the extension from *.tar.gz to *.tgz allowed it to be installed into Splunk using the "import from file" method. This change modified the commands under settings > data > data inputs > scripts from /./bin/okta.py to $SPLUNK_HOME\etc\apps\okta\bin\okta.py and successfully queried my Okta instance after enabling the python scripts, and the remaining steps in the Splunk App for Okta documentation.
Hope this helps.
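
The stanza rename described in the answer above can be scripted so the change is repeatable and reviewable. This is an added example, not part of the original answer or of the Splunk App for Okta; the function name and the settings under each stanza in the sample are constructed for illustration.

```python
import re

# Matches a scripted-input stanza header whose path is relative to the app
# directory, e.g. [script://./bin/okta.py]
RELATIVE_SCRIPT = re.compile(r'^\[script://\./(?P<rel>[^\]]+)\]$')


def rewrite_script_stanzas(conf_text, app_name):
    """Rewrite relative script:// stanza names to the $SPLUNK_HOME form.

    Returns (new_text, changes). Settings, comments and stanzas that are
    already absolute are passed through unchanged, so a second run is a no-op.
    """
    out, changes = [], []
    for line in conf_text.splitlines():
        m = RELATIVE_SCRIPT.match(line.strip())
        if m:
            # Windows path separators, as in the workaround on this page
            rel = m.group('rel').replace('/', '\\')
            new = '[script://$SPLUNK_HOME\\etc\\apps\\%s\\%s]' % (app_name, rel)
            changes.append((line.strip(), new))
            line = new
        out.append(line)
    return '\n'.join(out) + '\n', changes


# Constructed sample: stanza names are from the page, the settings are placeholders
SAMPLE = """\
[script://./bin/okta.py]
disabled = 1
interval = 300

[script://./bin/oktausr.py]
disabled = 1
interval = 3600
"""

if __name__ == '__main__':
    new_text, changes = rewrite_script_stanzas(SAMPLE, 'okta')
    for old, new in changes:
        print(old, '->', new)
    print(new_text)
```

Printing the list of changes before writing the file back gives a record of exactly which stanza names were altered in the repackaged app.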