Okta App not working

helptec3012
Engager

Hi,
I am trying to use the Okta App for Splunk with the latest Splunk release. I installed a test instance this week.

When I restart Splunk and trace Okta, I always get the following errors:

WARN DateParserVerbose - Accepted time (Mon Feb 03 01:40:27 2014) is suspiciously far away from the previous event's time (Tue Feb 04 05:16:47 2014), but still accepted because it was extracted by the same pattern. Context: source::C:\Program Files\Splunk/etc/apps/okta/bin/okta.py|host::swglog01|exec|0

2014-02-19 18:11:54.383000 app=okta event_id=okta.api.user.start severity=informational subject="Requesting User Object with limit 1000"
Traceback (most recent call last):
  File "C:\Program Files\Splunk\etc\apps\okta\bin\oktausr.py", line 54, in
    user[i][0] = evt['id']
KeyError: 'id'

In my Okta index there is no data 😞
Any idea what I am missing?

Thanks
Florian

pstout
Splunk Employee

Hi Florian,

I released a new version of this yesterday -- can you please let me know if this resolves your issue? Thanks!

0 Karma

hemendralodhi
Contributor

Hello,

I configured the app, but I am receiving only the below in the logs:

2015-02-09 21:03:56.167978 app=okta event_id=okta.api.query.complete severity=informational subject="Closing with timestamp 2015-02-20T12:00:00.000Z"
2015-02-09 21:03:55.756511 app=okta event_id=okta.api.query.start severity=informational subject="Requesting API at offset 2015-02-20T12:00:00.000Z"

There is no other data and all dashboards are not working. Here is the config:

[default]

uri =
auth = SSWS

[okta]

endpoint = /api/v1/events
limit = 1000
startdate = 2015-02-20T12:00:00.000Z

[okta_user]

endpoint = /api/v1/users
limit = 2000

Scripts and buildlookup are enabled.

Any insight on this?

Thanks
Hemendra

0 Karma

hemendralodhi
Contributor

The URI and API token are also configured but were somehow missed above while editing.

0 Karma

helptec3012
Engager

Finally it seems to be an issue with the browser I used - when using Internet Explorer all is fine!!
Chrome and Firefox raise an error...

Furthermore we had to look through all scripts as they were not interpreted correctly on Windows...

0 Karma

nyit
New Member

Hi Florian - I'm having the same issue.

What's weird is that the latest release of 1.1.0 claims to have fixed this bug:
Corrected a key mismatch causing events to log in raw JSON

Makes me think the wrong script was uploaded?

I emailed the author directly, no response yet. I'll let you know!

0 Karma