Splunk® Supported Add-ons

Splunk Add-on for Okta Identity Cloud

Release history for the Splunk Add-on for Okta Identity Cloud

The latest version of this product is 2.2.1. See the latest release notes for more information.

Version 2.2.0

Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud was released on April 30, 2024.

Compatibility

Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 9.1.x, 9.2.x
CIM: 5.3.1
Platforms: Platform independent
Vendor Products: Okta API v1

New Features

  • Extended CIM support to a few important security eventTypes, as described below:
    • Added CIM support for the eventTypes system.email.new_device_notification.sent_message, security.behavior.settings.update, user.account.report_suspicious_activity_by_enduser, device.user.remove, user.account.expire_password, system.idp.lifecycle.read_client_secret, system.idp.lifecycle.delete, system.idp.lifecycle.deactivate, system.idp.lifecycle.activate, system.idp.lifecycle.create, policy.rule.delete
    • Changed the CIM data model tagging from the Alerts data model to the Authentication data model for the eventType system.push.send_factor_verify_push
  • Updated the cron schedule of all the saved searches.
    • The saved searches now run 10 minutes apart instead of all at the same time. This resolves the search concurrency issue.
  • Multi-line logs and error tracebacks logged in the add-on's log file are now ingested in Splunk as a single event.
    • This gives users better visibility of the error tracebacks and resolves the timestamping issue of the add-on logs.
  • Introduced a System Log Streaming Dashboard, which monitors the data ingestion of system logs in the add-on.
    • This lets users see which system log events were missed within a specific time range, so they can re-collect the system logs using the modular input and fill the data gap.
  • Introduced a new parameter "End Date" for the Logs metric in the modular input.
    • With this parameter, users can collect the system logs for a time range by providing appropriate values in the "Start Date" and "End Date" fields.
  • Enhanced KVStore lookups with the entities' names and IDs.
    • The sourcetypes in the following table have a new event schema:

      sourcetype | new event schema or new sample log
      OktaIM2:groupUser | {"groupid": "00g7nvgb8z6yN7ysn5d7", "groupName": "Everyone", "userName": "userokta@gmail.com", "userid": "00u7p8lo0kub5T2hu5d7", "lastMembershipUpdated": "2022-12-20T10:46:07.000Z"}
      OktaIM2:appUser | {"appid": "0oa6w98nquVw81Xf35d7", "appName": "oidc_client", "appLabel": "Okta Admin Console", "userid": "00u7nuurr6YO0Wi765d7", "externalId": null, "userName": "userokta@gmail.com", "created": "2022-12-16T10:25:00.000Z", "lastUpdated": "2022-12-16T10:25:00.000Z", "statusChanged": "2022-12-16T10:24:59.000Z", "scope": "USER", "status": "ACTIVE"}

    • Because of this, the KVStore lookups and field extractions are also enhanced for the respective sourcetypes.
  • Introduced Monitoring Dashboards, which give users insight into the count of events ingested and the volume of data ingested, based on parameters such as Host, Source, Index, Input, Sourcetype, and Account.
  • Verified IPv6 compliance checks for the add-on and enhanced TA functionality accordingly
  • Enhanced the UI experience of the add-on for the users
  • Provided CIM support of the latest version - 5.3.1
  • Backlog enhancements and library updates

Fixed issues

Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud has the following fixed issues:


Known issues

Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud has the following reported known issues. If no issues appear below, no issues have yet been reported.

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects. Third party contributions.


Version 2.1.0

Version 2.1.0 of the Splunk Add-on for Okta Identity Cloud was released on October 28, 2023.

Compatibility

Version 2.1.0 of the Splunk Add-on for Okta Identity Cloud is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 8.2.x, 9.0.x, 9.1.x
CIM: 5.2.0
Platforms: Platform independent
Vendor Products: Okta API v1

New Features

  • Introduced support for new eventTypes of Okta System Logs in sourcetype OktaIM2:log
    • Introduced support of Network Traffic data model
  • Introduced built-in dashboard panels that provide information about:
    • Add-on version installed
    • Number of events ingested in respective sourcetype
    • Errors present in the add-on log files
  • Introduced compatibility with Okta System Log Streaming events
    • The extractions of the events collected via Okta System Log Streaming on Splunk Cloud will work as expected

Fixed issues

Version 2.1.0 of the Splunk Add-on for Okta Identity Cloud has the following fixed issues:


Known issues

Version 2.1.0 of the Splunk Add-on for Okta Identity Cloud has the following reported known issues. If no issues appear below, no issues have yet been reported.


Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects. Third party contributions.


Version 2.0.0

Version 2.0.0 of the Splunk Add-on for Okta Identity Cloud was released on May 30, 2023.

Compatibility

Version 2.0.0 of the Splunk Add-on for Okta Identity Cloud is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 8.1.x, 8.2.x, 9.0.x
CIM: 5.1.1
Platforms: Platform independent
Vendor Products: Okta API v1

New Features

  • Introduced support for new eventTypes of Okta System Logs in sourcetype OktaIM2:log
  • Enhanced the existing CIM field extractions for Okta System Logs
  • Provided support for CIM v5.1.1
    • Introduced support of Alerts data model and enhanced the support of Change and Authentication data models

Breaking Changes

Existing users will face some breaking changes in the CIM field extractions of sourcetype OktaIM2:log as this release contains major code enhancements:

  • Enhanced the extractions for CIM fields object, object_id, object_attrs
  • Removed field extractions of user_role, vendor_region
  • Removed the field event_type

Fixed issues

Version 2.0.0 of the Splunk Add-on for Okta Identity Cloud has the following fixed issues:



Known issues

Version 2.0.0 of the Splunk Add-on for Okta Identity Cloud has the following reported known issues. If no issues appear below, no issues have yet been reported.


Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects. Third party contributions.

Version 1.2.0

Version 1.2.0 of the Splunk Add-on for Okta Identity Cloud was released on April 25, 2023.

Compatibility

Version 1.2.0 of the Splunk Add-on for Okta Identity Cloud is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 8.1.x, 8.2.x, 9.0.x
CIM: 5.x
Platforms: Platform independent
Vendor Products: Okta API v1

New Features

  • Introduced OAuth2.0 Authentication mechanism for Account configuration.
    • When using an account configured with OAuth2, requests for configured inputs will be authorized using an Access Token, which provides an increased level of security.
  • Enhanced System Log events falling under OktaIM2:log sourcetype.
    • The fields admin_interest, security_interest, release_note_date, event_type_description, and event_type_tags are now extracted based on the corresponding Okta eventTypes.

Fixed issues

Version 1.2.0 of the Splunk Add-on for Okta Identity Cloud has the following fixed issues:

  • Fixed the typo of "action" field extraction for an eventType


Date resolved | Issue number | Description
2023-04-10 | ADDON-61676 | The "action" field generally comes through as "success" but sometimes is misspelled as "sucess".

Known issues

Version 1.2.0 of the Splunk Add-on for Okta Identity Cloud has the following reported known issues. If no issues appear below, no issues have yet been reported.


Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects. Third party contributions.


Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Okta Identity Cloud was released on January 23, 2023.

Compatibility

Version 1.1.0 of the Splunk Add-on for Okta Identity Cloud is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 8.1.x, 8.2.x, 9.0.x
CIM: 5.x
Platforms: Platform independent
Vendor Products: Okta API v1

New Features

  • Introduced sourcetypes OktaIM2:groupUser and OktaIM2:appUser.
    • Users associated with the group will be ingested in a new sourcetype: OktaIM2:groupUser.
    • Users associated with a particular app will be ingested in the new sourcetype: OktaIM2:appUser.
  • Introduced the Start Date parameter to allow the user to provide a data collection start date for a specific metric.
  • Enhanced User experience in account configuration by adding validations.
  • Introduced macros to define custom indexes in search for running saved searches.

Editing the Start Date field will result in data duplication

  • The new events collected in sourcetypes OktaIM2:app and OktaIM2:group will have an updated event format.
    • assigned_users{} field is removed from the events
    • assigned_apps{} & assigned_groups{} fields will have the ids of apps & groups respectively
    • _embedded{} field is added in the events of OktaIM2:group which contains the stats of usersCount, appsCount.

Fixed issues

Version 1.1.0 of the Splunk Add-on for Okta Identity Cloud has the following fixed issues:

  • Resolved event truncation issue while collecting data for Groups metric.
  • Resolved event truncation issue while collecting data for Apps metric by introducing the option of "Collect URIs" to remove the long redirect URI.
  • Corrected _time extraction for events of groups metric.

Known issues

Version 1.1.0 of the Splunk Add-on for Okta Identity Cloud has the following reported known issues. If no issues appear below, no issues have yet been reported:


Date filed | Issue number | Description
2023-04-04 | ADDON-61676 | The "action" field generally comes through as "success" but sometimes is misspelled as "sucess".

Fixed issues

Date resolved | Issue number | Description
2023-01-18 | ADDON-58079 | Event truncation issue in Groups and Apps Data
2022-12-25 | ADDON-59096 | For group sourcetype _time field extraction issue for membership changes events

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects. Third party contributions

Version 1.0.3

Version 1.0.3 of the Splunk Add-on for Okta Identity Cloud was released on December 20, 2022.

Compatibility

Version 1.0.3 of the Splunk Add-on for Okta Identity Cloud is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 8.1.x, 8.2.x, 9.0.x
CIM: 5.x
Platforms: Platform independent
Vendor Products: Okta API v1

New Features

There are no new features in this release.


Fixed issues

Version 1.0.3 of the Splunk Add-on for Okta Identity Cloud has the following fixed issues:


  • Optimized memory consumption in data collection. Users should see up to 80% reduction in memory consumption.
  • Resolved the data duplication issue by introducing the logs_delay parameter for the logs metric in the Input Configuration Page.
  • The data collection mechanism for logs depends on two parameters in the API, "since" and "until", so requests for data collection are now bounded.
  • Updated the system path to prioritize the add-on's third-party libraries for data collection.


Date resolved | Issue number | Description
2022-12-16 | ADDON-58574 | Okta add-on ingestion blocked

Known issues

Version 1.0.3 of the Splunk Add-on for Okta Identity Cloud has the following reported known issues. If no issues appear below, no issues have yet been reported:


Date filed | Issue number | Description
2022-12-13 | ADDON-59096 | For group sourcetype _time field extraction issue for membership changes events
2022-11-11 | ADDON-58079 | Event truncation issue in Groups and Apps Data

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects. Third party contributions

Version 1.0.2

Version 1.0.2 of the Splunk Add-on for Okta Identity Cloud was released on October 22, 2022.

Compatibility

Version 1.0.2 of the Splunk Add-on for Okta Identity Cloud is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 8.1.x, 8.2.x, 9.0.x
CIM: 5.x
Platforms: Platform independent
Vendor Products: Okta API v1

New Features

There are no new features in this release.


Fixed issues

Version 1.0.2 of the Splunk Add-on for Okta Identity Cloud has the following fixed issues:

  • Updated the checkpoint mechanism for groups data to support the latest membership changes.
    • Updated the checkpoint logic to account for multiple modified dates instead of just one, so that all scenarios are covered.
  • Updated checkpoint handling in case of event ingestion failure.
  • Updated the data collection logic to prevent a negative sleep interval in API throttling.


Date resolved | Issue number | Description
2022-10-21 | ADDON-56306 | Add-on doesn't collect data of latest membership changes in the groups
2022-10-21 | ADDON-56388, ADDON-56479 | Add-on does not ingest any logs due to negative sleep time value in API throttling
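
The following is an added illustration, not the add-on's own code: a sketch of bounded "since"/"until" collection with a logs_delay-style lag (the 1.0.3 fix) and a throttling sleep that can never go negative (the 1.0.2 fix). The function names, the event tuples and the 20-second visibility lag are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

def bounded_window(checkpoint, now, logs_delay_s, end_date=None):
    """Next half-open [since, until) window, or None if nothing is safe to ask for.

    `until` trails the clock by logs_delay_s so events that are not yet
    queryable are left for a later poll; an optional end_date caps the range.
    """
    until = now - timedelta(seconds=logs_delay_s)
    if end_date is not None:
        until = min(until, end_date)
    return (checkpoint, until) if until > checkpoint else None

def throttle_sleep(reset_epoch, now_epoch):
    """Seconds to wait for the rate-limit reset; a reset already in the past
    (clock skew, slow response) yields 0 instead of a negative sleep."""
    return max(0.0, float(reset_epoch - now_epoch))

def simulate(events, start, polls, interval_s, logs_delay_s):
    """Poll a constructed feed of (id, published, visible_at) tuples and
    return the ids collected, in order."""
    collected, checkpoint = [], start
    for i in range(1, polls + 1):
        now = start + timedelta(seconds=i * interval_s)
        window = bounded_window(checkpoint, now, logs_delay_s)
        if window is None:
            continue
        since, until = window
        collected += [eid for eid, published, visible_at in events
                      if since <= published < until and visible_at <= now]
        checkpoint = until  # advance only to the bound that was requested
    return collected

# Constructed sample data: e2 becomes queryable 20 s after it was published.
T0 = datetime(2022, 12, 1, tzinfo=timezone.utc)

def at(seconds):
    return T0 + timedelta(seconds=seconds)

EVENTS = [("e1", at(10), at(12)), ("e2", at(55), at(75)), ("e3", at(100), at(101))]

if __name__ == "__main__":
    print(simulate(EVENTS, T0, polls=4, interval_s=60, logs_delay_s=0))   # e2 is skipped
    print(simulate(EVENTS, T0, polls=4, interval_s=60, logs_delay_s=30))  # all three, once each
    print(throttle_sleep(reset_epoch=1670000000, now_epoch=1670000005))   # reset already passed
```

Because each window starts exactly where the previous one ended, no event is requested twice, and the delay keeps the checkpoint from moving past events that are not yet visible.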

Known issues

Version 1.0.2 of the Splunk Add-on for Okta Identity Cloud has the following reported known issues. If no issues appear below, no issues have yet been reported:


Date filed | Issue number | Description
2022-12-13 | ADDON-59096 | For group sourcetype _time field extraction issue for membership changes events
2022-11-28 | ADDON-58574 | Okta add-on ingestion blocked
2022-11-11 | ADDON-58079 | Event truncation issue in Groups and Apps Data
2022-11-02 | ADDON-57122 | Splunk Add-on for Okta Identity Cloud - Unable to ingest production logs
2022-10-22 | ADDON-56939 | Splunk Add-on for Okta Identity- not receiving any logs

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects. Third party contributions

Version 1.0.1

Compatibility

Version 1.0.1 of the Splunk Add-on for Okta Identity Cloud is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 8.0.x, 8.1.x, 8.2.x
CIM: 5.x
Platforms: Platform independent
Vendor Products: Okta API v1

New Features

System log events: Mapped to multiple CIM data models and relevant field extractions

Internal logs:

Level | Source | Message prefix | Potential reason or comment
Error | Checkpoint | Error in Checkpoint handling | Internal - KV store not available
ERROR | Connect | Failed to connect to | Network - Okta Cloud API token is either not correct or not up to date (or its endpoint) not available from Splunk
INFO | Proxy | Failed to initialize | Proxy details are not correct
ERROR | Checkpoint | Error in Checkpoint handling | Internal - KV store not available
ERROR | Proxy | Failed to fetch Proxy | Network - Not able to fetch proxy details

Fixed issues

Version 1.0.1 of the Splunk Add-on for Okta Identity Cloud has the following fixed issues:


Known issues

Version 1.0.1 of the Splunk Add-on for Okta Identity Cloud has the following reported known issues. If no issues appear below, no issues have yet been reported:


Date filed | Issue number | Description
2022-10-22 | ADDON-56939 | Splunk Add-on for Okta Identity- not receiving any logs
2022-10-06 | ADDON-56388, ADDON-56479 | Add-on does not ingest any logs due to negative sleep time value in API throttling
2022-10-05 | ADDON-56306 | Add-on doesn't collect data of latest membership changes in the groups
2022-10-04 | ADDON-56292 | Splunk Add-on for Okta Identity Cloud - No members returned for group Everyone

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.


Library | License
certifi-2021.10.8 | https://github.com/certifi/python-certifi/blob/master/LICENSE
charset_normalizer-2.0.7 | https://github.com/Ousret/charset_normalizer/blob/master/LICENSE
defusedxml-0.7.1 | https://github.com/tiran/defusedxml/blob/main/LICENSE
httplib2-0.20.1 | https://github.com/httplib2/httplib2/blob/master/LICENSE
idna-3.3 | https://github.com/kjd/idna/blob/master/LICENSE.md
pyparsing-2.4.7 | https://github.com/pyparsing/pyparsing/blob/master/LICENSE
requests-2.26.0 | https://github.com/pyparsing/pyparsing/blob/master/LICENSE
solnlib-4.3.0 | https://github.com/splunk/addonfactory-solutions-library-python/blob/main/LICENSE
sortedcontainers-2.4.0 | https://github.com/grantjenks/python-sortedcontainers/blob/master/LICENSE
splunk_sdk-1.6.16 | https://github.com/splunk/splunk-sdk-python/blob/master/LICENSE
splunktalib-2.2.0 | https://github.com/splunk/addonfactory-ta-library-python/blob/main/LICENSE
splunktaucclib-5.0.4 | Apache Software License (Apache-2.0)
urllib3-1.26.7 | https://github.com/urllib3/urllib3/blob/main/LICENSE.txt

Last modified on 03 September, 2024