I'm trying to re-install the Box Add-on, which has somehow stopped working. I do not have a universal forwarder, that has a GUI to set up the Box API information, so I just installed on my Search Head. I am able to successfully grant Splunk access to my Box account and pull events.
But I cannot add the Data Inputs, as specified in the configuration instructions. In fact, when I try to "Add Data" the web page just spins at "loading" and I never even get a chance to add the inputs.
Splunk support says this is because I don't have the Add-on installed on a forwarder so they will no longer assist me.
Hopefully someone out there can help me.
This add-on is supported in a single-instance deployment of the Splunk platform, so you can install it on your single instance and configure input collection there, and that should be supported.
If you have a distributed deployment, per the documentation, you should set up a heavy forwarder (a full Splunk Enterprise instance) to handle your data inputs. (This add-on does not support universal forwarders for data collection.) Install the add-on on BOTH your search head and your heavy forwarder, but configure the add-on on your heavy forwarder only. Make sure you are using an account that has the admin role when you perform the configuration.
Here is the installation documentation: http://docs.splunk.com/Documentation/AddOns/released/Box/Install
I forgot to add, your data collection instance has to be running Linux.
Thanks to kmorris and rpille. So it sounds like I can install on ONLY a search head if I want and that is a supported configuration. Since I do not have a heavy forwarder right now it is best for me to just do it on a search head.
I appreciate the speedy responses.
Thanks!! I'm running splunk on linux. and I've gotten events before. just had some issues and needed to reinstall.
@ kmorris [Splunk] , @rpille [Splunk]
Is there a way to index box files. example: I had a csv file which is saved in box. I want to index that csv data in to splunk. Is it possible?
Not through this add-on. This add-on doesn't index the contents of files in Box.
You can download those files to a location that the Splunk platform can monitor and then set up a monitor input.
How can you collect box data if you are in a on-prem (HFs and UFs) cloud windows Splunk environment ?