Splunk® Supported Add-ons

Splunk Add-on for Box

Configure credentials on Box for the Splunk Add-on for Box

Box uses OAuth 2.0 for authentication and authorization. For the Splunk Add-on for Box to collect data from the Box APIs, you must obtain an OAuth 2.0 client ID and client secret from Box. Before you attempt to set up the Splunk Add-on for Box, use the following steps to configure a Box client app and obtain these credentials.

Refer to Box documentation for more details and additional reference information.

  1. Log in to Box using an existing Box account. The role of the Box account that you use for this configuration step affects the scope of the data you can gather with the add-on. The account and the credentials are persistent, explicitly have more than read-only permissions in Box, and and not just used to establish an API key for the nodes to communicate:
    • If you use a Box account with the admin role, the add-on has permissions to gather all metadata of all files and folders and all enterprise events for your entire organization through the Box APIs.
    • If you use a Box account with a co-admin role, you need to enable the permission to "Run new reports and access existing reports" for that account.
    • If you use an account with a user role, you may not be able to collect all data.
    Use an account with the appropriate roles and permissions to gather the scope of data that you want to collect with the add-on.
  2. Go to https://app.box.com/master/settings/apps. Admin role will be required to access these settings.
  3. Select Individual Application Controls.
  4. Search for Splunk Add-on for Box in the search bar.
  5. Hover over it and select Configure. Box displays a configuration window with Splunk Add-on settings.
  6. In the Additional Configuration section, select + Add Integration Credentials.
  7. (Optional) Change the default name of the integration credentials and select Save.
  8. Next to OAuth 2.0 Redirect URI, in the Redirect URI field, enter the SSL-secured HTTPS URI of the Splunk Platform instance that you want to be responsible for data collection from Box, usually a heavy forwarder. For example, if the URL of your heavy forwarder is http://<host>:8000/en-US/app/Splunk_TA_box/splunk_ta_box_redirect, then the redirect URI is exactly the same as this. The OAuth 2.0 specification only supports HTTPS redirects, which means you need turn on SSL for Splunk Web on the instance you are using for Box data collection. Refer to Turn on encryption (https) with Splunk Web in the Splunk Enterprise security documentation for details on how to turn on SSL for Splunk Web.
  9. In Application Scopes, select the following options based on the data you want to pull from your Box account:
    Application Scope Uses
    Read all files and folders stored in Box. Gets data of Folders endpoint (Collect folder metadata, Collect folder collaboration, Collect file metadata).
    Read and write all files and folders in Box. Gets data of Folders endpoint (Collect tasks and comments).
    Manage users. Gets data of Users endpoint
    Manage groups. Gets data of Groups endpoint
    Manage enterprise properties. Gets data of Events endpoint

    If the application scopes are changed after configuring your account in the Splunk Add-on for Box, the Box account will have to be reconfigured in the Box add-on to generate a new token with the upgraded, and downgraded access.

  10. Note down the Client ID and Client Secret in OAuth 2.0 Credentials. You need this when you set up the Splunk Add-on for Box.
  11. Click Save Changes.
Last modified on 06 December, 2024
Upgrade the Splunk Add-on for Box   Set up the Splunk Add-on for Box

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters