Getting Data In

Okta Rate Limit "skinny_users" warnings

justynap_ldz
Explorer

Hello everyone,

Could you please help me out with the following query?

We have a TA-Okta_Identity_Cloud_for_Splunk installed on a Heavy Forwarder.
Our customer receives  “skinny_user” rate limit warnings from /api/v1/apps endpoint.
Following Okta documentation, it is suggested to change a limit to the default value of 20:
https://www.okta.com/integrate/documentation/security-enforcement-integrations/security-analytics/#a... 

justynap_ldz_1-1618310655186.png

 

However, when I check limits in our Add-On, the ranges of  User, Group, App and Log Limits (min/max values) are different from the ones in Okta documentation. 

justynap_ldz_0-1618310616950.png

Could you please help me finding the right limit which I should adjust in Splunk?


Thank you!

Labels (1)
0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!