Solved: Can I install the Splunk Add-on for Box on just my...

darlas · ‎08-17-2017

Hi.

I'm trying to re-install the Box Add-on, which has somehow stopped working. I do not have a universal forwarder, that has a GUI to set up the Box API information, so I just installed on my Search Head. I am able to successfully grant Splunk access to my Box account and pull events.

But I cannot add the Data Inputs, as specified in the configuration instructions. In fact, when I try to "Add Data" the web page just spins at "loading" and I never even get a chance to add the inputs.

Splunk support says this is because I don't have the Add-on installed on a forwarder so they will no longer assist me.

Hopefully someone out there can help me.

-Darla

rpille_splunk · ‎08-17-2017

Hi Darla,

This add-on is supported in a single-instance deployment of the Splunk platform, so you can install it on your single instance and configure input collection there, and that should be supported.

If you have a distributed deployment, per the documentation, you should set up a heavy forwarder (a full Splunk Enterprise instance) to handle your data inputs. (This add-on does not support universal forwarders for data collection.) Install the add-on on BOTH your search head and your heavy forwarder, but configure the add-on on your heavy forwarder only. Make sure you are using an account that has the admin role when you perform the configuration.

Here is the installation documentation: http://docs.splunk.com/Documentation/AddOns/released/Box/Install

View solution in original post

omuelle1 · ‎05-06-2019

How can you collect box data if you are in a on-prem (HFs and UFs) cloud windows Splunk environment ?

mpreddy · ‎09-18-2017

@ kmorris [Splunk] , @rpille [Splunk]

Hi Morris/rpille,

Is there a way to index box files. example: I had a csv file which is saved in box. I want to index that csv data in to splunk. Is it possible?

Regards,
Reddy

rpille_splunk · ‎09-18-2017

Not through this add-on. This add-on doesn't index the contents of files in Box.

You can download those files to a location that the Splunk platform can monitor and then set up a monitor input.

mpreddy · ‎09-18-2017

@rpille

Thanks rpille.

darlas · ‎08-17-2017

Thanks!! I'm running splunk on linux. and I've gotten events before. just had some issues and needed to reinstall.

darlas · ‎08-17-2017

Thanks to kmorris and rpille. So it sounds like I can install on ONLY a search head if I want and that is a supported configuration. Since I do not have a heavy forwarder right now it is best for me to just do it on a search head.

I appreciate the speedy responses.

kmorris_splunk · ‎08-17-2017

It is not recommended to ingest data through the Search Head. For Add-ons with a GUI configuration, you would want to install a Heavy Forwarder. Take a look at this table from the docs for the Box Add-on.

rpille_splunk · ‎08-17-2017

Hi Darla,

This add-on is supported in a single-instance deployment of the Splunk platform, so you can install it on your single instance and configure input collection there, and that should be supported.

If you have a distributed deployment, per the documentation, you should set up a heavy forwarder (a full Splunk Enterprise instance) to handle your data inputs. (This add-on does not support universal forwarders for data collection.) Install the add-on on BOTH your search head and your heavy forwarder, but configure the add-on on your heavy forwarder only. Make sure you are using an account that has the admin role when you perform the configuration.

Here is the installation documentation: http://docs.splunk.com/Documentation/AddOns/released/Box/Install

rpille_splunk · ‎08-17-2017

I forgot to add, your data collection instance has to be running Linux.

Can I install the Splunk Add-on for Box on just my search head, and not use a Forwarder?

Splunk Classroom Chronicles: Training Tales and Testimonials

Access Tokens Page - New & Improved

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!