
Okta App not working


I am trying to use the Okta App for Splunk with the latest Splunk release. Installed test instance this week.

When I restart Splunk and trace Okta, I always get the following errors

WARN DateParserVerbose - Accepted time (Mon Feb 03 01:40:27 2014) is suspiciously far away from the previous event's time (Tue Feb 04 05:16:47 2014), but still accepted because it was extracted by the same pattern. Context: source::C:\Program Files\Splunk/etc/apps/okta/bin/|host::swglog01|exec|0

2014-02-19 18:11:54.383000 app=okta event_id=okta.api.user.start severity=informational subject="Requesting User Object with limit 1000"
Traceback (most recent call last):
  File "C:\Program Files\Splunk\etc\apps\okta\bin\", line 54, in
    user[i][0] = evt['id']
KeyError: 'id'

In my Okta index there is no data 😞
Any idea what I am missing?


Splunk Employee

Hi Florian,

I released a new version of this yesterday -- can you please let me know if this resolves your issue? Thanks!




I configured the app but I am receiving only the below in the logs:

2015-02-09 21:03:56.167978 app=okta event_id=okta.api.query.complete severity=informational subject="Closing with timestamp 2015-02-20T12:00:00.000Z"
2015-02-09 21:03:55.756511 app=okta event_id=okta.api.query.start severity=informational subject="Requesting API at offset 2015-02-20T12:00:00.000Z"

There is no other data and all dashboards are not working. Here is the config:


uri =
auth = SSWS


endpoint = /api/v1/events
limit = 1000
startdate = 2015-02-20T12:00:00.000Z


endpoint = /api/v1/users
limit = 2000

Scripts and buildlookup are enabled.

Any Insight on this?




URI and API token are also configured but somehow missed above while editing.



Finally it seems to be an issue with the browser I used - when using Internet Explorer all is fine!!
Chrome and Firefox raise an error...

Furthermore we had to look through all scripts as they were not interpreted correctly on Windows...


New Member

Hi Florian - I'm having the same issue.

What's weird is that the latest release of 1.1.0 claims to have fixed this bug:
Corrected a key mismatch causing events to log in raw JSON

Makes me think the wrong script was uploaded?

I emailed the author directly, no response yet. I'll let you know!
