Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Re: Splunk App for Dropbox for Business: 30,000 ev...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just installed Dropbox app, and set up OAuth and integrated with Dropbox Business. I see that dfb index has been created for the Dropbox app, and more than 30,000 events were added to the dfb index. However, I still do not see anything from the Dropbox App main dashboard. What am I missing?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the answer that came from Splunk support that fixed this problem for us:
"It turned out that the app was not designed for a clustered envirnment. We found that the eventtype was calling for a macro.conf that was not being pushed out to the indexers when the search was made. We then changed the eventtype to look at the index itself and it started to work. I have emailed the publisher to fix this in his app and hope to see a new one published soon." -Splunk Support
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the answer that came from Splunk support that fixed this problem for us:
"It turned out that the app was not designed for a clustered envirnment. We found that the eventtype was calling for a macro.conf that was not being pushed out to the indexers when the search was made. We then changed the eventtype to look at the index itself and it started to work. I have emailed the publisher to fix this in his app and hope to see a new one published soon." -Splunk Support
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A lot of the dashboards default to the last 7 days. It may take a while for the app to collect enough data to show up for that time frame as the app only collects about 1000 events every 60 seconds. This collection starts from the beginning of your Dropbox data. Try changing your time range to All Time to see if the dashboards populate.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have installed the app without issue and as above had no data fro the last 7 days, upon finding this post I changed it to "All Time" and saw data being imported from the start of the year, which was when we started using DFB. Again it was importing approx. 1000 records every minute so I left it to run over the weekend and now have over 4.5 million records pulled in but still only have a few days in the time line. The data looks like it is being duplicated. Any idea's gratefully received?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I just tested with "All Time", but it is still not showing anything.
However, I just noticed one odd thing -- somehow the Source Type "dfb:activity" is not showing up in the "Source Types" list. So I tried to manually create one, but the system says that the source type already exists and thus it won't let me manually create one. I wonder why "dfb:activity" is not showing up in the Source Types list?
Tech Talk Recap | Mastering Threat Hunting
Observability for AI Applications: Troubleshooting Latency
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
