- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Splunk Add-On for Box only receiving my file/f...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Add-On for Box only receiving my file/folder data
We have the Box integration set up on a HFW, and we have proper permissions set up on the Box side. The integration user has the following co-admin rights:
- Manage users
- Manage groups
- View users content
- Edit users content (for testing)
- Log in to users accounts (for testing)
- View settings / apps for your company
- Edit settings and apps for your company
- Run new reports and access existing reports
- View policies set up for your company
- Create, edit, and delete policies for your company (for testing)
- View automations set up for your company
- Create, edit, and delete automations for your company (for testing)
- Create and edit metadata templates for your company (for testing)
However, the file/folder sourcetypes are only pulling data for the integration user. All other sourcetypes pull through with everyone's data just fine. Anyone have any ideas as to why that might be? Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you get this figured out? I am having the same issue.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Negative; I have a support case still open about it. I'll update as I get useful information.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you ever get a resolution to this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
KaraD
Hi @samejgink! Since this question was from a few years ago, we recommend posting your question in a new thread to gain more visibility. Thanks!
- Kara D, Community Manager
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I worked with a Box technical engineer on this and he indicated it is because we have an "open file structure" at Box instead of "closed". Anybody can post to the Open Files folder. We are getting everything important with the sourcetype box:events so we can see who logs in, uploads, downloads, delete, etc. The box:files sourcetype sounds like it is functioning as designed with our file structure.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Only the file/folder sourcetypes allow for the 'location' field to be populated, though, and that's what we're trying to get. Thank you for the information you've gotten thus far!
Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...
Monitoring Amazon Elastic Kubernetes Service (EKS)
Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation
