All Apps and Add-ons

Splunk Add-On for Box only receiving my file/folder data

kprior201_lilly
Path Finder

We have the Box integration set up on a HFW, and we have proper permissions set up on the Box side. The integration user has the following co-admin rights:
- Manage users
- Manage groups
- View users content
- Edit users content (for testing)
- Log in to users accounts (for testing)
- View settings / apps for your company
- Edit settings and apps for your company
- Run new reports and access existing reports
- View policies set up for your company
- Create, edit, and delete policies for your company (for testing)
- View automations set up for your company
- Create, edit, and delete automations for your company (for testing)
- Create and edit metadata templates for your company (for testing)

However, the file/folder sourcetypes are only pulling data for the integration user. All other sourcetypes pull through with everyone's data just fine. Anyone have any ideas as to why that might be? Thanks.

0 Karma

carlkennedy
Path Finder

Did you get this figured out? I am having the same issue.

0 Karma

kprior201_lilly
Path Finder

Negative; I have a support case still open about it. I'll update as I get useful information.

0 Karma

samejgink
Explorer

Did you ever get a resolution to this?

0 Karma

KaraD
Community Manager
Community Manager

Hi @samejgink! Since this question was from a few years ago, we recommend posting your question in a new thread to gain more visibility. Thanks!

 

- Kara D, Community Manager

0 Karma

carlkennedy
Path Finder

I worked with a Box technical engineer on this and he indicated it is because we have an "open file structure" at Box instead of "closed". Anybody can post to the Open Files folder. We are getting everything important with the sourcetype box:events so we can see who logs in, uploads, downloads, delete, etc. The box:files sourcetype sounds like it is functioning as designed with our file structure.

0 Karma

kprior201_lilly
Path Finder

Only the file/folder sourcetypes allow for the 'location' field to be populated, though, and that's what we're trying to get. Thank you for the information you've gotten thus far!

0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...