All Apps and Add-ons

Okta APP will not pull in data

rogierg
New Member

Hi there,

I have requested access to the OKTA API and tested it with curl which works. Then I set up the Splunk App for Okta according to the documentation but it does not pull in any data. Any help would be greatly appreciated!

Rogier

0 Karma

NUJross
New Member

In reviewing the Splunk 6.1.3 release notes, under the Windows-Specific issues it states:

If you create a scripted input and use
a full pathname as part of the stanza
name (for example, C:\Program
Files\Splunk\bin\scripts\getdata.bat,
Splunk Enterprise fails to run the
script and logs the error Error:
Incorrect path to script, even if the
script is in the proper directory. To
work around the problem, use
$SPLUNK_HOME instead of the full
pathname. (SPL-82411, SPL-82897)

Following this example, I used 7-zip to open the gzipped tarball that is the install file for the splunk app and modified the inputs.conf file located at okta/defaults/inputs.conf

Changed the two script lines (1 and 😎 from *[script://./bin/okta.py] * to
*[script://$SPLUNK_HOME\etc\apps\okta\bin\okta.py] * and *[script://./bin/oktausr.py] * to
*[script://$SPLUNK_HOME\etc\apps\okta\bin\oktausr.py] * respectively (those are the default directories).

Used 7zip to add the okta directory to a tar archive, then gizipped it. Changing the extension from *.tar.gz to *.tgz allowed it to be installed into splunk using the "import from file" method. This change modified the commands under settings > data > data inputs > scrips from /./bin/okta.py to $SPLUNK_HOME\etc\apps\okta\bin\okta.py and successfully queried my Okta instance after enabling the python scripts, and the remaining steps in the splunk app for okta documentation.

Hope this helps.

0 Karma

mitchellreed
New Member

Are you seeing anything come in to the okta index? Don't forget to enable the two python scripts.

0 Karma

sorefoot
New Member

We installed it last week and verified our config file with Okta PS. We still have no data. Any help in figuring out what we did wrong?

0 Karma

bwindham
Path Finder

I have pulled down the latest Splunk for Okta and am also getting the "incorrect path to script: bin/oktausr.py. Did you find a resolution to this? I have no data coming in either.

0 Karma

rogierg
New Member

I also threw away the old Okta App and started fresh. Works!

0 Karma

mitchellreed
New Member

Do you see the scripts in the bin directory? I ended up starting fresh and I have data coming in now. Did you create the okta.conf file in local?

0 Karma

pstout
Splunk Employee
Splunk Employee

Rogier,

Have you updated to the latest release? We had something break with the Okta API.

Please feel feel free to reach out to me directly to troubleshoot this.

0 Karma

rogierg
New Member

I'm getting an error: Incorrect path to script: .\bin\oktausr.py. Script must be located inside $SPLUNK_HOME\bin\scripts.

0 Karma

rogierg
New Member

I updated to the latest version but this does also not pull in any data. Any help debugging this further would be greatly appreciated!

0 Karma

mitchellreed
New Member

I am getting some data under "Security Center", mostly failed authentications. For some reason I am not seeing any valid authentications.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...