All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Okta App not working

helptec3012
Engager
‎02-19-2014 09:19 AM

HI,
I am trying to use the Okta App for Splunk with the latest Splunk release. Installed test instance this week.

When I restart Splunk and trace Okta, I always get the following errors

WARN DateParserVerbose - Accepted time (Mon Feb 03 01:40:27 2014) is suspiciously far away from the previous event's time (Tue Feb 04 05:16:47 2014), but still accepted because it was extracted by the same pattern. Context: source::C:\Program Files\Splunk/etc/apps/okta/bin/okta.py|host::swglog01|exec|0

2014-02-19 18:11:54.383000 app=okta event_id=okta.api.user.start severity=informational subject="Requesting User Object with limit 1000" Traceback (most recent call last): File "C:\Program Files\Splunk\etc\apps\okta\bin\oktausr.py", line 54, in user[i][0] = evt['id'] KeyError: 'id'

In my Okta index there is no data 😞
Any idea what I am missing?

Thanks
Florian

Reply

pstout
Splunk Employee
Splunk Employee
‎05-15-2014 12:21 PM

Hi Florian,

I released a new version of this yesterday -- can you please let me know if this resolves your issue? Thanks!

0 Karma
Reply

hemendralodhi
Contributor
‎02-09-2015 01:13 PM

Hello,

I configured the app but i am receiving only below in the logs:

2015-02-09 21:03:56.167978 app=okta event_id=okta.api.query.complete severity=informational subject="Closing with timestamp 2015-02-20T12:00:00.000Z"
2015-02-09 21:03:55.756511 app=okta event_id=okta.api.query.start severity=informational subject="Requesting API at offset 2015-02-20T12:00:00.000Z"

There is no other data and all dashboards are not working.. Here is the config

[default]

uri =
auth = SSWS

[okta]

endpoint = /api/v1/events
limit = 1000
startdate = 2015-02-20T12:00:00.000Z

[okta_user]

endpoint = /api/v1/users
limit = 2000

Scripts and buildlookup are enabled.

Any Insight on this?

Thanks
Hemendra

0 Karma
Reply

hemendralodhi
Contributor
‎02-09-2015 01:14 PM

URI and API token is also configured but somehow missed above while editing.

0 Karma
Reply

helptec3012
Engager
‎03-17-2014 01:00 AM

Finally it seems to be an issue with the browser I used - when using Internet Explorer all is fine!!
Chrome and Firefox raise an error...

Furthermore we had to look through all scripts as they were not interpreted correctly on Windows...

0 Karma
Reply

nyit
New Member
‎03-14-2014 11:45 AM

Hi Florian - I'm having the same issue.

What's weird is that the latest release of 1.1.0 claims to have fixed this bug:
Corrected a key mismatch causing events to log in raw JSON

Makes me think the wrong script was uploaded?

I emailed the author directly, no response yet. I'll let you know!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...