All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Okta App not working

helptec3012
Engager
‎02-19-2014 09:19 AM

HI,
I am trying to use the Okta App for Splunk with the latest Splunk release. Installed test instance this week.

When I restart Splunk and trace Okta, I always get the following errors

WARN DateParserVerbose - Accepted time (Mon Feb 03 01:40:27 2014) is suspiciously far away from the previous event's time (Tue Feb 04 05:16:47 2014), but still accepted because it was extracted by the same pattern. Context: source::C:\Program Files\Splunk/etc/apps/okta/bin/okta.py|host::swglog01|exec|0

2014-02-19 18:11:54.383000 app=okta event_id=okta.api.user.start severity=informational subject="Requesting User Object with limit 1000" Traceback (most recent call last): File "C:\Program Files\Splunk\etc\apps\okta\bin\oktausr.py", line 54, in user[i][0] = evt['id'] KeyError: 'id'

In my Okta index there is no data 😞
Any idea what I am missing?

Thanks
Florian

Reply

pstout
Splunk Employee
Splunk Employee
‎05-15-2014 12:21 PM

Hi Florian,

I released a new version of this yesterday -- can you please let me know if this resolves your issue? Thanks!

0 Karma
Reply

hemendralodhi
Contributor
‎02-09-2015 01:13 PM

Hello,

I configured the app but i am receiving only below in the logs:

2015-02-09 21:03:56.167978 app=okta event_id=okta.api.query.complete severity=informational subject="Closing with timestamp 2015-02-20T12:00:00.000Z"
2015-02-09 21:03:55.756511 app=okta event_id=okta.api.query.start severity=informational subject="Requesting API at offset 2015-02-20T12:00:00.000Z"

There is no other data and all dashboards are not working.. Here is the config

[default]

uri =
auth = SSWS

[okta]

endpoint = /api/v1/events
limit = 1000
startdate = 2015-02-20T12:00:00.000Z

[okta_user]

endpoint = /api/v1/users
limit = 2000

Scripts and buildlookup are enabled.

Any Insight on this?

Thanks
Hemendra

0 Karma
Reply

hemendralodhi
Contributor
‎02-09-2015 01:14 PM

URI and API token is also configured but somehow missed above while editing.

0 Karma
Reply

helptec3012
Engager
‎03-17-2014 01:00 AM

Finally it seems to be an issue with the browser I used - when using Internet Explorer all is fine!!
Chrome and Firefox raise an error...

Furthermore we had to look through all scripts as they were not interpreted correctly on Windows...

0 Karma
Reply

nyit
New Member
‎03-14-2014 11:45 AM

Hi Florian - I'm having the same issue.

What's weird is that the latest release of 1.1.0 claims to have fixed this bug:
Corrected a key mismatch causing events to log in raw JSON

Makes me think the wrong script was uploaded?

I emailed the author directly, no response yet. I'll let you know!

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...