Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Okta Splunk Add-on rate limit warnings

nv
New Member
‎09-17-2020 06:42 AM

Hi, We have Okta Splunk Add-on installed to fetch logs from Okta cloud. Currently we are getting rate limit warnings with the Apps (api/v1/apps) endpoint since our organization is having more than 23,000+ users and 150+ apps on-boarded to okta (all users are assigned to all apps). Currently the add-on is fetching logs from App endpoint once a day,  App limit is set to 200, Throttling Threshold Pct as 20 and Maximum log batch size as 60,000 as default in configuration. We are receiving around 200+ warning alerts everyday during the time logs are fetched. 

We tried changing the values of App limit from 200 to 85 but that increased our warnings count so we rolled back. We also tried to increase Throttling Threshold Pct to 40 from 20 but there was no improvement. Can you please help us in providing the possible solution to fix these warnings. 

0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-17-2020 07:07 AM

is TA collecting logs after receiving warning messages also? is you worry about only warning messages?

————————————
If this helps, give a like below.
0 Karma
Reply

nv
New Member
‎09-17-2020 09:22 AM

yes the add-on is collecting logs even after warnings. Yes we are worried about warnings as that may lead to violations in future because we are planning to onboard more and more apps to Okta.

0 Karma
Reply

logloganathan
Motivator
‎09-18-2020 06:32 AM

@niketn @skoelpin we need your help in this topic

0 Karma
Reply

niketn
Legend
‎09-18-2020 07:39 AM

@nv @logloganathan Which Add On are you using

If you are using Splunk Add-on for Okta , it was last updated in 2016 and is no longer Splunk Supported as Okta has created its own app and continues to update it. Refer to the following blog https://www.splunk.com/en_us/blog/tips-and-tricks/end-of-availability-splunk-built-apps-and-add-ons.... and try out Okta Identity Cloud Add-on for Splunk

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...