All Apps and Add-ons

Splunk Add-on for Okta Identity Cloud - truncation and line breaker issues?

henriquelinsmey
Explorer

Hi Splunk Inc. Team,

I'm experiencing issues with truncation across all sourcetypes  "OktaIM2:*" where in most cases only TRUNCATE=250000 can resolve.

I also detected an issue with LINE_BREAKER regex pattern for sourcetype=OktaIM2:group causing logs not to be ingested.

...current pattern defaults to:

([\r\n]+)


and I had to modify to:
(?<=\}\}\})(\, )

 

Can we please have these issues addressed and a new version cut for this Add-on in splunkbase?

Thank you.

Labels (2)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...