sourcetypes not working in Okta app

boxjgerace · ‎12-11-2013

I just installed the new Splunk app for Okta. Everything seems to be working fine, except that I cannot query anything based on sourcetype alone. For example: a query for "sourcetype=okta:sso" does not return any results, but a query for "index=okta sourcetype=okta:sso" does work. This is a problem because the included eventtypes and the dashboards do not search with index=okta in the query, thus all the dashboards are empty.

Any ideas?

pstout · ‎05-15-2014

Hello,

We released a new version of the Okta app yesterday that addressed this issue (among others) -- hopefully this helps!

bwindham · ‎12-11-2013

I ran into the same thing. I probably should not have but I added "index=okta" to the searches to correct it for my instance. Probably a permission issue but I wanted to get the app up and running quickly. I'd like to hear how others may have corrected this appropriately rather than the bandaid approach that I did. Another issue I ran into, intermittently, is in regards to the maps. I get "Error in 'script': Getinfo probe failed for external search command 'geoip'"...it eventually works on second or third refresh.

sourcetypes not working in Okta app

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!