Splunk® Supported Add-ons

Splunk Add-on for Box

Configure Live Monitoring Inputs for the Splunk Add-on for Box

To configure live monitoring inputs for the Splunk Add-on for Box, complete these steps:

  1. In Splunk Web, open the Splunk Add-on for Box, either by clicking the add-on's name in the left navigation banner or by going to Manage Apps and clicking Launch App in the row for the Splunk Add-on for Box.
  2. Click the Inputs tab.
  3. Click Create new input and then choose "Live Monitoring Inputs".
  4. Fill in the required fields:
    Field: Description
    Name: A name for the new input.
    Box account: The Box account with permissions for the input. Ensure you have set up the add-on to work with this Box account.
    Endpoint: The Box API endpoint relevant to collecting data for a given metric. This field is disabled and its value is selected by default. The Splunk Add-on for Box provides one endpoint, events, which uses the Box admin_logs_streaming REST API:
        Metric: Description
        events (admin_logs_streaming): Box enterprise events collected using the Box admin_logs_streaming API.
    Interval: How often, in seconds, the Splunk platform calls the API to collect data for a metric. This value overrides the default collection interval configured in the setup screen. Set to 120 seconds or above to avoid rate limiting errors.
    Index: The index in which the Splunk platform stores events from Box. The default is main.

    When you enable the Events input for the first time, the add-on collects enterprise event data from the admin_logs_streaming API starting at stream position 0, which brings in data from the past 2 weeks (this is based on what the Box API supports). The add-on collects this data at a maximum rate of 500 records at a time until it gets no more records. After that, it makes calls at the user-defined interval (default every 120 seconds).

  5. Once you are satisfied with the configurations, click Enable next to the metrics you want to enable.

Checkpoint management

If the Splunk Add-on for Box finds an existing checkpoint for a given input name, a Use existing data input dialogue box appears. If you select Yes, data is collected from that checkpoint. If you select No, data collection resets and begins from stream position 0, which brings in data from the past 2 weeks. This option appears only when editing inputs that contain the events metric.
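
The collection and checkpoint behaviour described in step 4 and under Checkpoint management, modeled as an added Python example (not the add-on's own code). `make_fake_box`, `run_collection` and the checkpoint file layout are hypothetical, the event data is constructed, and integer stream positions are a simplification.

```python
import json, os, tempfile

PAGE_LIMIT = 500  # maximum records per call, as stated on this page

def make_fake_box(total_events):
    """Constructed stand-in for the Box events API (hypothetical helper)."""
    def fetch_page(stream_position, limit=PAGE_LIMIT):
        start = int(stream_position)
        entries = [{"event_id": i} for i in range(start, min(start + limit, total_events))]
        # Simplification: real stream positions are opaque, not integer offsets.
        return {"entries": entries, "next_stream_position": start + len(entries)}
    return fetch_page

def load_checkpoint(path, use_existing):
    """Saved position, or 0 if none exists or the user chose No (reset)."""
    if use_existing and os.path.exists(path):
        with open(path) as fh:
            return json.load(fh)["stream_position"]
    return 0

def save_checkpoint(path, position):
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump({"stream_position": position}, fh)
    os.replace(tmp, path)  # atomic swap: a crash never leaves a partial file

def run_collection(fetch_page, ckpt_path, use_existing=True):
    """One scheduled run: drain pages until empty, checkpointing each page."""
    position = load_checkpoint(ckpt_path, use_existing)
    collected, calls = [], 0
    while True:
        page = fetch_page(position)
        calls += 1
        if not page["entries"]:
            break  # caught up; the next call waits for the configured interval
        collected.extend(page["entries"])
        position = page["next_stream_position"]
        save_checkpoint(ckpt_path, position)
    return collected, calls

def demo():
    path = os.path.join(tempfile.mkdtemp(), "box_events.ckpt")
    first, calls = run_collection(make_fake_box(1200), path)   # first enable
    later, _ = run_collection(make_fake_box(1250), path)       # resume (Yes)
    reset, _ = run_collection(make_fake_box(1250), path, use_existing=False)  # No
    return len(first), calls, len(later), len(reset)

if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(1200, 4, 50, 1250)`: the first run drains the backlog in four calls, resuming picks up only the 50 new events, and choosing No re-reads the whole stream, including events that were already collected.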

Last modified on 22 December, 2023

This documentation applies to the following versions of Splunk® Supported Add-ons: released
