Configure Live Monitoring Inputs for the Splunk Add-on for Box
To configure live monitoring inputs for the Splunk Add-on for Box, complete these steps:
- On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner, or by going to Manage Apps then by clicking Launch App in the row for the Splunk Add-on for Box.
- Click the Inputs tab.
- Click Create new input and then choose "Live Monitoring Inputs".
- Fill in the required fields:
Field Description Name A name for the new input Box account The Box account with permissions for the input. Ensure you have set up the add-on to work with this Box account. Endpoint The Box API endpoint relevant to collecting data for a given metric. This field is disabled and value is selected by default. The Splunk Add-on for Box provides one Endpoint — events, which uses admin_logs_streaming Box REST API: Metric Description events (admin_logs_streaming) Box enterprise events using Box admin_logs_streaming API. Interval How often, in seconds, the Splunk platform calls the API to collect data for a metric. This value overrides the configuration of the default collection interval in the setup screen. Set to 120 seconds or above to avoid rate limiting errors. Index The index in which the Splunk platform stores events from Box. The default is main.
When you enable the Events input for the first time, the add-on collects enterprise event data using admin_logs_streaming API using stream position as 0, which starts bringing data starting from the past 2 weeks (this is based on what BOX API supports). The add-on collects this data at a maximum rate of 500 records at a time until it gets no records and then next calls are done based on the user defined interval (default every 120 seconds).
- Once you are satisfied with the configurations, click Enable next to the metrics you want to enable.
If the Splunk Add-on for Box finds an existing checkpoint for a given input name, a Use existing data input dialogue box appears. If you select Yes, then data is collected from that checkpoint. If you select No, then data collection resets. It begins from the stream position 0, which starts bringing data from the past 2 weeks. This option will only appear when editing inputs containing the
Configure Historical Querying Inputs for the Splunk Add-on for Box
Troubleshoot the Splunk Add-on for Box
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!