Splunk Enterprise

Splunk Okta Identity Cloud HTTP/1.1" 401 None

sgalamb
New Member

We are trying to set up the Okta Identity Cloud Add-on for Splunk as described here: https://splunkbase.splunk.com/app/3682/#/details

We can see the following error in the internal log:

2021-02-11 14:11:58,524 DEBUG pid=15786 tid=MainThread file=connectionpool.py:_make_request:437 |.com:443 "GET /api/v1/users?filter=lastUpdated+gt+%221970-01-01T00%3A00%3A00.000Z%22+and+lastUpdated+lt+%222021-02-11T14%3A11%3A53.270Z%22&limit=1000 HTTP/1.1" 401 None
2021-02-11 14:11:58,525 DEBUG pid=15786 tid=MainThread file=base_modinput.py:log_debug:288 | metric=user | message=_okta_client returned response to our request rid=YCU7LobAly6BohSnrIgL3gAADBs
2021-02-11 14:11:58,526 ERROR pid=15786 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
File "/TA-Okta_Identity_Cloud_for_Splunk/bin/ta_okta_identity_cloud_for_splunk/aob_py2/modinput_wrapper/base_modinput.py", line 128, in stream_events
self.collect_events(ew)
File "TA-Okta_Identity_Cloud_for_Splunk/bin/okta_identity_cloud.py", line 68, in collect_events
input_module.collect_events(self, ew)
File "TA-Okta_Identity_Cloud_for_Splunk/bin/input_module_okta_identity_cloud.py", line 829, in collect_events
users = _collectUsers(helper)
File "/TA-Okta_Identity_Cloud_for_Splunk/bin/input_module_okta_identity_cloud.py", line 448, in _collectUsers
users = _okta_caller(helper, resource, params, method, opt_limit)
File "/TA-Okta_Identity_Cloud_for_Splunk/bin/input_module_okta_identity_cloud.py", line 249, in _okta_caller
response = _okta_client(helper, url, params, method)
File /TA-Okta_Identity_Cloud_for_Splunk/bin/input_module_okta_identity_cloud.py", line 411, in _okta_client
response.raise_for_status()
File "TA-Okta_Identity_Cloud_for_Splunk/bin/ta_okta_identity_cloud_for_splunk/aob_py2/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
HTTPError: 401 Client Error: Unauthorized for url: ..com/api/v1/users?filter=lastUpdated+gt+%221970-01-01T00%3A00%3A00.000Z%22+and+lastUpdated+lt+%222021-02-11T14%3A11%3A53.270Z%22&limit=1000

According to the client, the API token was made by a super admin user with all the permissions.

Please advise.
