I am using the Splunk App and Add-on for Okta. Works pretty great so far, EXCEPT:
The production Okta data is not being returned by the Splunk app, but all of the non-production data is (dev, stage, qa). Is there anything obvious I could change from the Splunk side that would make this call work?
Can you explain more about production okra data and non-production data please? I am guessing you're using multiple domains and probably need to configure access from your account to those domains (Okta side).
Yes, I am only the splunk administrator, so I have limited understanding of okta. This is how I have configured things so far;
for dev, QA, & stage environment, I supplied the following:
URL, ( e..g - dev-123456.okta-preview.com) all non-production URLs contained the word "preview"
API Token, (e.g. - ASDHJKGHD123123146346etc....) unique API token for each URL
For prod I did the same, only with a different URL & API key. So I suppose I am trying to determine if there is a difference in how an okta-preview URL would be set up compared to a production okta URL.