Splunk® Supported Add-ons

Splunk Add-on for Box

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Set up the Splunk Add-on for Box

Before you follow the instructions on this page to set up the Splunk Add-on for Box, be sure to obtain your client ID and client secret from Box.

  1. On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
  2. Click the Configuration tab.
  3. Click the Accounts tab.
  4. In the Add Box Account dialogue box, fill in the required fields:
    Field Description
    Account Name The name of your Box account.
    Client ID The client ID that you obtained from Box.
    Client Secret The client secret that you obtained from Box.
    Redirect URL Copy the Redirect URL here and paste it in your app configuration of Box.
  5. To trigger OAuth 2.0 authentication, click Add. The Splunk platform opens a new window to the Box login page.
  6. Within 30 seconds, enter your credentials for the Box account that you used to obtain the client ID and client secret.
  7. Click Grant Access to Box. If you don't successfully enter credentials within 30 seconds, the request times out.
  8. (Optional) To configure multiple accounts, in the Splunk Add-on for Box, make sure that you are logged-in in to the Box account that you want to configure. If you are unsure which account you have logged-in in the Box for the same browser, perform the following steps:
    1. In a compatible web browser, navigate to your Box account, and log out of your account.
    2. In the same browser, navigate to your Splunk platform instance, and open Splunk Web.
    3. In Splunk Web, navigate to the Splunk Add-on for Box, and click on the Configuration page.
    4. Enter the client ID and client secret of your Box account.
    5. Click the "Save" button. A pop up will ask to log in into the Box account.
    6. Enter the credentials of your Box account.
    7. Click Grant Access to Box.
    8. Once the save is successful, navigate to your Box account, and repeat the process to configure any additional Box accounts.
  9. If you are using a proxy, check Enable Proxy and fill in the required fields on the Configuration tab. For instructions on configuring this through the CLI, including advanced options, see Configure a proxy using configuration files.
  10. If authentication succeeds, the add-on saves the access token and refreshes it internally. If authentication fails, you see this message: "Request time out while authenticating. Please try again." If you see this message, check your client ID and client secret are correct and try again.

Next, configure your inputs.

(Optional) Change logging level

  1. On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
  2. Click the Configuration tab.
  3. Click the Logging tab.
  4. Select a new logging level from the drop-down menu.
  5. Click Save to save your configurations.

(Optional) Proxy setup

  1. On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
  2. Click the Configuration tab.
  3. Click the Proxy tab.
  4. Check Enable and fill in the required fields.

Configure a proxy using configuration files

You can also configure your proxy using the configuration files. This gives you access to a few advanced options.

  1. Create or edit $SPLUNK_HOME/etc/apps/Splunk_TA_box/local/splunk_ta_box_settings.conf.
  2. Fill in values for your proxy using the following structure: 
    [box_proxy]
proxy_enabled = 0
proxy_url =
proxy_port =
proxy_username =
proxy_password =
proxy_rdns = 1
proxy_type = http
  3. Adjust the proxy_rdns to 0 if you want to use the local machine to do a DNS lookup. Leaving it at 1 means that the DNS lookup occurs through the proxy.
  4. Adjust the proxy_type to http_no_tunnel if that is your preference.
  5. Enable the proxy by setting proxy_enabled to 1.

Add SSL certificate to trust lists

If you encounter a SSLHandshakeError:

  • The SSL certificate entry might be missing from your certificate store.
  • The Box server is configured over a self-signed certificate and isn't present in the library's certificate store. Follow the below steps to resolve the issue:
  1. Download the root CA certificate used in your Box deployment.
  2. Copy the contents of the new certificate.
  3. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_box.
  4. Create a new <certs_file>.pem file and add the content of the new certificate. Append the new certificate content if the file is already present.
  5. Open the local/splunk_ta_box_settings.conf file in a text editor. Create a new one if not present.
  6. Add the ca_certs_path parameter value as below:
    7. [additional_parameters]
ca_certs_path=/opt/splunk/etc/apps/Splunk_TA_box/custom_ca_certs.pem # <absolute path to the <certs_file>.pem file>
  7. Save your changes.
  8. Restart your Splunk instance.

Certificates of all the Box servers configured in the add-on must be present under the .pem file, if you are using the ca_certs_path parameter as mentioned in the above steps.

Last modified on 22 December, 2023
PREVIOUS
Configure credentials on Box for the Splunk Add-on for Box 		  NEXT
Configure inputs for the Splunk Add-on for Box

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters