I am trying to install the latest version of the addon and app by following the documentation. I did everything according to the documentation here https://docs.splunk.com/Documentation/AddOns/released/OKTA/Setup. The app doesn't seem to collect any data. Any help would be appreciated. Thanks
OKTA doesn't support custom sourcetypes. Please use the default sourcetype (okta:im) if you are using a different one.
Try running a curl with the API key/token on your heavy forwarder where the OKTA add-on is installed, and make sure you are seeing a response without any errors or timeouts.
curl -H "Authorization: SSWS 00ABCDXYZXXXXXXXXXXXXXXXXX" "https://XXXXXXXXXX.okta.com"
Use this OKTA add-on (hxxps://splunkbase.splunk.com/app/3682/) if you are seeing issues with your current add-on (version 1.3.0), since the newer one works perfectly and it doesn't need https or http in the OKTA domain name settings.
Hope this helps!!
Thanks,
Sai
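The connectivity check and the domain-name point from the answer above, as an added example that is not part of the original posts or of the add-on's code. It assumes Okta's `Authorization: SSWS <token>` header and the System Log endpoint `/api/v1/logs`; the function names and hint strings are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Okta domain and API token settings.
# Function names and hint strings are hypothetical, not from the add-on.

# Reduce a configured domain value to a bare host name
# (drops http:// or https://, any path, and a trailing slash).
normalize_okta_domain() {
    d=$1
    d=${d#http://}
    d=${d#https://}
    d=${d%%/*}
    printf '%s\n' "$d"
}

# Map the HTTP status reported by curl to a troubleshooting hint.
classify_status() {
    case "$1" in
        200) echo "ok" ;;
        401) echo "invalid-or-expired-token" ;;
        403) echo "token-lacks-permission" ;;
        429) echo "rate-limited" ;;
        000) echo "no-response-check-dns-proxy-firewall" ;;
        *)   echo "unexpected-$1" ;;
    esac
}

# Query one System Log event from the heavy forwarder and report the result.
# Assumption: Okta accepts "Authorization: SSWS <token>" on /api/v1/logs.
check_okta_api() {
    host=$(normalize_okta_domain "$1")
    # The header is fed through a curl config on stdin so the token
    # does not show up in the process list or shell history.
    code=$(printf 'header = "Authorization: SSWS %s"\n' "$2" |
        curl -sS -o /dev/null -w '%{http_code}' --max-time 15 -K - \
            "https://$host/api/v1/logs?limit=1" 2>/dev/null) || :
    classify_status "${code:-000}"
}

# Usage on the heavy forwarder (token read from the environment):
#   check_okta_api "https://XXXXXXXXXX.okta.com/" "$OKTA_TOKEN"
```
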
@skrish91 Did you check the splunkd logs? Make sure the API tokens are correct. Also, in the Okta Domain name, do not use http:// or https://
Yes, the splunkd logs don't show any errors. For the Okta domain name I need to specify https://, it seems. If I don't specify it then the validation fails.
@skrish91 Please see my response in the post.