Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Okta Splunk Add-on rate limit warnings

nv
New Member
‎09-17-2020 06:42 AM

Hi, We have Okta Splunk Add-on installed to fetch logs from Okta cloud. Currently we are getting rate limit warnings with the Apps (api/v1/apps) endpoint since our organization is having more than 23,000+ users and 150+ apps on-boarded to okta (all users are assigned to all apps). Currently the add-on is fetching logs from App endpoint once a day,  App limit is set to 200, Throttling Threshold Pct as 20 and Maximum log batch size as 60,000 as default in configuration. We are receiving around 200+ warning alerts everyday during the time logs are fetched. 

We tried changing the values of App limit from 200 to 85 but that increased our warnings count so we rolled back. We also tried to increase Throttling Threshold Pct to 40 from 20 but there was no improvement. Can you please help us in providing the possible solution to fix these warnings. 

Labels (1)
Labels
0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-17-2020 07:07 AM

is TA collecting logs after receiving warning messages also? is you worry about only warning messages?

————————————
If this helps, give a like below.
0 Karma
Reply

nv
New Member
‎09-17-2020 09:22 AM

yes the add-on is collecting logs even after warnings. Yes we are worried about warnings as that may lead to violations in future because we are planning to onboard more and more apps to Okta.

0 Karma
Reply

logloganathan
Motivator
‎09-18-2020 06:32 AM

@niketn @skoelpin we need your help in this topic

0 Karma
Reply

niketn
Legend
‎09-18-2020 07:39 AM

@nv @logloganathan Which Add On are you using

If you are using Splunk Add-on for Okta , it was last updated in 2016 and is no longer Splunk Supported as Okta has created its own app and continues to update it. Refer to the following blog https://www.splunk.com/en_us/blog/tips-and-tricks/end-of-availability-splunk-built-apps-and-add-ons.... and try out Okta Identity Cloud Add-on for Splunk

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...