Set up the Splunk Add-on for Box
Before you follow the instructions on this page to set up the Splunk Add-on for Box, be sure to obtain your client ID and client secret from Box.
- On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
- Click the Configuration tab.
- Click the Accounts tab.
- In the Add Box Account dialogue box, fill in the required fields:
Field Description Account Name The name of your Box account. Client ID The client ID that you obtained from Box. Client Secret The client secret that you obtained from Box. Redirect URL Copy the Redirect URL here and paste it in your app configuration of Box. - To trigger OAuth 2.0 authentication, click Add. The Splunk platform opens a new window to the Box login page.
- Within 30 seconds, enter your credentials for the Box account that you used to obtain the client ID and client secret.
- Click Grant Access to Box. If you don't successfully enter credentials within 30 seconds, the request times out.
- (Optional) To configure multiple accounts, in the Splunk Add-on for Box, make sure that you are logged-in in to the Box account that you want to configure. If you are unsure which account you have logged-in in the Box for the same browser, perform the following steps:
- In a compatible web browser, navigate to your Box account, and log out of your account.
- In the same browser, navigate to your Splunk platform instance, and open Splunk Web.
- In Splunk Web, navigate to the Splunk Add-on for Box, and click on the Configuration page.
- Enter the client ID and client secret of your Box account.
- Click the "Save" button. A pop up will ask to log in into the Box account.
- Enter the credentials of your Box account.
- Click Grant Access to Box.
- Once the save is successful, navigate to your Box account, and repeat the process to configure any additional Box accounts.
- If you are using a proxy, check Enable Proxy and fill in the required fields on the Configuration tab. For instructions on configuring this through the CLI, including advanced options, see Configure a proxy using configuration files.
- If authentication succeeds, the add-on saves the access token and refreshes it internally. If authentication fails, you see this message: "Request time out while authenticating. Please try again." If you see this message, check your client ID and client secret are correct and try again.
Next, configure your inputs.
(Optional) Change logging level
- On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
- Click the Configuration tab.
- Click the Logging tab.
- Select a new logging level from the drop-down menu.
- Click Save to save your configurations.
(Optional) Proxy setup
- On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
- Click the Configuration tab.
- Click the Proxy tab.
- Check Enable and fill in the required fields.
Configure a proxy using configuration files
You can also configure your proxy using the configuration files. This gives you access to a few advanced options.
- Create or edit
$SPLUNK_HOME/etc/apps/Splunk_TA_box/local/splunk_ta_box_settings.conf
. - Fill in values for your proxy using the following structure:
[box_proxy] proxy_enabled = 0 proxy_url = proxy_port = proxy_username = proxy_password = proxy_rdns = 1 proxy_type = http
- Adjust the
proxy_rdns
to0
if you want to use the local machine to do a DNS lookup. Leaving it at1
means that the DNS lookup occurs through the proxy. - Adjust the
proxy_type
tohttp_no_tunnel
if that is your preference. - Enable the proxy by setting
proxy_enabled
to1
.
Add SSL certificate to trust lists
If you encounter a SSLHandshakeError
:
- The SSL certificate entry might be missing from your certificate store.
- The Box server is configured over a self-signed certificate and isn't present in the library's certificate store. Follow the below steps to resolve the issue:
- Download the root CA certificate used in your Box deployment.
- Copy the contents of the new certificate.
- Navigate to
$SPLUNK_HOME/etc/apps/Splunk_TA_box
. - Create a new <certs_file>.pem file and add the content of the new certificate. Append the new certificate content if the file is already present.
- Open the
local/splunk_ta_box_settings.conf
file in a text editor. Create a new one if not present. - Add the
ca_certs_path
parameter value as below: - Save your changes.
- Restart your Splunk instance.
[additional_parameters] ca_certs_path=/opt/splunk/etc/apps/Splunk_TA_box/custom_ca_certs.pem # <absolute path to the <certs_file>.pem file>
Certificates of all the Box servers configured in the add-on must be present under the
file, if you are using the ca_certs_path
parameter as mentioned in the above steps.
Configure credentials on Box for the Splunk Add-on for Box | Comparison between Historical Querying Inputs and Live Monitoring Inputs |
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Feedback submitted, thanks!