Splunk® Supported Add-ons

Splunk Add-on for Box

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Release history for the Splunk Add-on for Box

Latest release

The latest version of the Splunk Add-on for Box is version 3.4.1. See Release notes for the Splunk Add-on for Box for the release notes of this latest version.

Version 3.4.0

Version 3.4.0 of the Splunk Add-on for Box was released on October 15, 2021.

Compatibility

Version 3.4.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.0.x, 8.1.x, 8.2.x
CIM 4.20.2
Platforms Linux and Windows
Vendor Products Box

The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 3.4.0 of the Splunk Add-on for Box contains the following new features:

  • Enhanced CIM mappings and added support for the latest CIM version v4.20.2.
  • Added support for the newly introduced DataAccess data model.
    • Updated data model and CIM mappings for 31 event_types of box:events sourcetype to DataAccess data model.
    • Updated action and object_attrs field values for box:events source type to CIM compliant values.
  • Changed mappings for user src_user and object (when object is a user) CIM fields to the unique login IDs.
  • Updated user & description CIM fields for the box:users source type.
  • Removed the CIM tags from the ACCESS_GRANTED and ACCESS_REVOKED eventsfor box:events source type.

For more detailed CIM fields mapping changes see the tables below.

The extractions for CIM fields user, src_user and object (when object is a user), have been updated to unique login IDs instead of the First and Last names as a part of this release which could be a breaking change for the content using these fields in the existing add-on version.

Data Model Changes

Version 3.4.0 of the Splunk Add-on for Box introduces data model changes for the box:events sourcetype. See the following table for information in data model changes:

Source-type Event_type Previous Data Model New Data Model
['box:events'] ACCESS_GRANTED, ACCESS_REVOKED Change:All No Data Model
['box:events'] APPLICATION_CREATED, OAUTH2_ACCESS_TOKEN_REVOKE Change:All Change:AccountManagement
['box:events'] COPY, DELETE, DOWNLOAD, EDIT, ITEM_OPEN, ITEM_MODIFY, LOCK, UNLOCK, MOVE, PREVIEW, RENAME, UNSHARE, SHARE, STORAGE_EXPIRATION, TASK_ASSIGNMENT_CREATE, TASK_CREATE, TASK_ASSIGNMENT_UPDATE, UNDELETE, UPLOAD, WATERMARK_LABEL_CREATE, WATERMARK_LABEL_DELETE Change:All Data Access
['box:events'] GROUP_CREATION, GROUP_EDITED, GROUP_DELETION, REMOVE_LOGIN_ACTIVITY_DEVICE Change:AccountManagement Change:All

Field Mapping Changes

Version 3.4.0 of the Splunk Add-on for Box introduces field changes to the box:events, box:file and box:users sourcetypes.

This table includes the events for which the datasets changed (within the same data model) but does not include events for which the data models were changed. For example, Change DM and is All_Changes data set is now Change DM with the data set Account_Management. See https://docs.splunk.com/Documentation/CIM/4.20.0/User/Change for more information.

Sourcetype - box:events field mapping changes

Source-type event_type Fields added Fields removed
['box:events'] ADD_LOGIN_ACTIVITY_DEVICE vendor_type, application_id, user_id, user_name src_user
['box:events'] ADMIN_LOGIN user_name, user_id, signature, application_id, signature_id, user_role, vendor_type src_user
['box:events'] ADVANCED_FOLDER_SETTINGS_UPDATE parent_object_id, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, owner src_user
['box:events'] ANNOTATIONV2_CREATE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, action, application_id, parent_object, vendor_type, object_size src_user
['box:events'] APPLICATION_CREATED src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] CHANGE_ADMIN_ROLE src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] COLLABORATION_ACCEPT parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type src_user
['box:events'] COLLABORATION_EXPIRATION src_user
['box:events'] COLLABORATION_INVITE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type src_user
['box:events'] COLLABORATION_REMOVE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type src_user
['box:events'] COLLABORATION_ROLE_CHANGE parent_object_id, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, owner src_user
['box:events'] COMMENT_CREATE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] COMMENT_DELETE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] COMMENT_EDIT parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] CONTENT_ACCESS parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, action, application_id, parent_object, vendor_type, object_size src_user
['box:events'] CONTENT_WORKFLOW_POLICY_ADD user_name, object_category, user_id, object, object_id, application_id, vendor_type src_user
['box:events'] CONTENT_WORKFLOW_POLICY_RETIRE status, user_name, object_category, user_id, object, object_id, application_id, action, vendor_type src_user
['box:events'] DELETE_USER src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] EDIT_USER src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] FAILED_LOGIN user_name, signature, application_id, signature_id, vendor_type
['box:events'] GROUP_ADD_USER src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] GROUP_ADMIN_CREATED src_user_name, user_name, user_id, application_id, vendor_type, user_type
['box:events'] GROUP_CREATION vendor_type, application_id, user_id, user_name src_user
['box:events'] GROUP_EDITED, GROUP_DELETION vendor_type, application_id, user_id, user_name src_user
['box:events'] GROUP_REMOVE_USER src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] LOGIN user_name, signature, application_id, signature_id, vendor_type
['box:events'] METADATA_INSTANCE_CREATE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] METADATA_INSTANCE_DELETE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] METADATA_INSTANCE_UPDATE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] METADATA_TEMPLATE_CREATE user_name, object_category, user_id, object, object_id, application_id, vendor_type src_user
['box:events'] METADATA_TEMPLATE_UPDATE user_name, object_category, user_id, object, object_id, application_id, vendor_type src_user
['box:events'] NEW_USER src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] OAUTH2_ACCESS_TOKEN_REVOKE src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] REMOVE_LOGIN_ACTIVITY_DEVICE vendor_type, application_id, user_id, user_name src_user
['box:events'] RETENTION_POLICY_ASSIGNMENT_ADD parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type src_user
['box:events'] SHARED_LINK_REDIRECT_OUT_OF_SHARED_CONTEXT parent_object_id, owner, owner_email, user_name, id, description, user_id, owner_id, parent_object_category, severity, signature_id, application_id, parent_object, vendor_type, object_size src_user
['box:events'] SHARE_EXPIRATION parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] SHIELD_ALERT user_name, id, description, user_id, signature, severity_id, severity, signature_id, application_id, vendor_type src_user
['box:events'] TASK_UPDATE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] WORKFLOW_AUTOMATION_CREATE user_name, user_id, application_id, action, vendor_type, status src_user, object_id
['box:events'] WORKFLOW_AUTOMATION_UPDATE user_name, user_id, application_id, action, vendor_type, status src_user, object_id


Sourcetype - box:users field mapping changes

Source-type sourcetype Fields added Fields removed
['box:users'] box:users user_role

Sourcetype - box:file field mapping changes

Source-type sourcetype Fields added Fields removed
['box:file'] box:file vendor_description

Fixed issues

Version 3.4.0 of the Splunk Add-on for Box fixes the following issues:


Known issues

Version 3.4.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2021-10-04 ADDON-42982 Data collection is not working using proxy
2021-06-14 ADDON-38127 Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side)
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.

Version 3.3.2

Version 3.3.2 of the Splunk Add-on for Box was released on July 23, 2021.

Compatibility

Version 3.3.2 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.0.x, 8.1.x, 8.2.x
CIM 4.18.1
Platforms Linux and Windows
Vendor Products Box

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 3.3.2 of the Splunk Add-on for Box contains the following new features:

  • Fast and intuitive UI with an improved look and feel.
  • Fixed critical security issue by removing jquery2.
  • Removed python2 support. Splunk only supports python3 and 8.x or above for future releases.
  • Updated to the Box SDK version 2.12.0
  • Compatibility with CIM version 4.18.1 and enhanced mappings:
    • Mapped box:fileComment, box:fileTask, box:folderCollaboration & box:groups source types to Inventory DM.
    • Updated dest field value from cloud to box.com which is more meaningful.
    • Removed user_category field from the box:events source type.
    • Removed enabled & serial fields from the box:folder source type.
    • Removed serial field from the box:folderCollaboration source type.
    • Removed serial & user_category field from the box:users source type.
  • Fixed issue where the data collection for all enabled inputs was triggered hourly instead of according to the provided Collection Interval.
  • Fixed issue where data was collected for all the file, tasks, comments and folders instead of selected checkboxes for the Folders endpoint.
  • Enhanced UI validations.
  • Minor bug fixes.

Fixed issues

Version 3.3.2 of the Splunk Add-on for Box fixes the following issues:


Known issues

Version 3.3.2 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2021-10-04 ADDON-42982 Data collection is not working using proxy
2021-06-14 ADDON-38127 Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side)
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.


Version 3.2.0

Version 3.2.0 of the Splunk Add-on for Box was released on August 10, 2020.

Compatibility

Version 3.2.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.2.x, 7.3.x, 8.0.x, 8.1.x, 8.2.x
CIM 4.15
Platforms Linux and Windows
Vendor Products Box

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 3.2.0 of the Splunk Add-on for Box contains the following new features:

  • Enhanced ability to add offsets while scanning events to recover delayed events written by Box.

Fixed issues

Version 3.2.0 of the Splunk Add-on for Box fixes the following issues:


Date resolved Issue number Description
2020-07-07 ADDON-27168 Box TA appears to be cross ingesting data between multiple clientid's

Known issues

Version 3.2.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2020-08-05 ADDON-28286 Checkbox to collect tasks and comments is not working for Folders Endpoint
2020-02-04 ADDON-25183, ADDON-25885 Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4

Workaround:
Customer can switch to any other Splunk version compatible with all their apps and add-ons.
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page


Third-party software attributions

Version 3.2.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:

Version 3.1.0

Version 3.1.0 of the Splunk Add-on for Box was released on June 15, 2020.

Compatibility

Version 3.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM 4.14
Platforms Linux and Windows
Vendor Products Box

New features

Version 3.1.0 of the Splunk Add-on for Box contains the following new features:

  • Enhanced compatibility with version 4.14 of the Common Information Model (CIM).
  • Enhanced security features.

Fixed issues

Version 3.1.0 of the Splunk Add-on for Box fixes the following issues:


Date resolved Issue number Description
2020-05-21 ADDON-26464 The Box API endpoint doesn't collect data with configured interval for users and groups
2020-05-19 ADDON-24900 Every time splunk is restarted, box add-on requires re-entering of credentials
2020-05-07 ADDON-26426 Unable to collect data using socks5 proxy

Known issues

Version 3.1.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2020-08-05 ADDON-28286 Checkbox to collect tasks and comments is not working for Folders Endpoint
2020-06-16 ADDON-27168 Box TA appears to be cross ingesting data between multiple clientid's
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page


Third-party software attributions

Version 3.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:


Version 3.0.1

Version 3.0.1 of the Splunk Add-on for Box was released on March 10, 2020.

Compatibility

Version 3.0.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.0
CIM 4.14
Platforms Linux and Windows
Vendor Products Box

New features

Version 3.0.1 of the Splunk Add-on for Box contains the following new features:

  • Default support for Python3

Fixed issues

Version 3.0.1 of the Splunk Add-on for Box fixes the following issues:

Known issues

Version 3.0.1 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2020-06-16 ADDON-27168 Box TA appears to be cross ingesting data between multiple clientid's
2020-05-26 ADDON-26828 Addons unable to load UI or collect data on Splunk 8.0.4, 8.0.2004 and Splunk 8.0.5

Workaround:
As a manual workaround, the "import html" statement on Line 16 of splunk/lib/python3.7/site-packages/splunk/util.py file could be commented out, which does not require Splunk restart to take affect.
2020-05-07 ADDON-26464 The Box API endpoint doesn't collect data with configured interval for users and groups
2020-05-05 ADDON-26426 Unable to collect data using socks5 proxy
2020-02-04 ADDON-25183, ADDON-25885 Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4

Workaround:
Customer can switch to any other Splunk version compatible with all their apps and add-ons.
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page


Third-party software attributions

Version 3.0.1 of the Splunk Add-on for Box incorporates the following third-party software or libraries:


Version 3.0.0

Version 3.0.0 of the Splunk Add-on for Box was released on December 17, 2019.

Compatibility

Version 3.0.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.0
CIM 4.14
Platforms Linux and Windows
Vendor Products Box

New features

Version 3.0.0 of the Splunk Add-on for Box contains the following new features:

  • Support for Python3

Fixed issues

Version 3.0.0 of the Splunk Add-on for Box fixes the following issues:


Known issues

Version 3.0.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2020-05-26 ADDON-26828 Addons unable to load UI or collect data on Splunk 8.0.4, 8.0.2004 and Splunk 8.0.5

Workaround:
As a manual workaround, the "import html" statement on Line 16 of splunk/lib/python3.7/site-packages/splunk/util.py file could be commented out, which does not require Splunk restart to take affect.
2020-02-04 ADDON-25183, ADDON-25885 Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4

Workaround:
Customer can switch to any other Splunk version compatible with all their apps and add-ons.
2020-01-21 ADDON-24900 Every time splunk is restarted, box add-on requires re-entering of credentials
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page


Third-party software attributions

Version 3.0.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:

Version 2.1.0

Version 2.1.0 of the Splunk Add-on for Box was released on August 19, 2019.

Compatibility

Version 2.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x
CIM 4.13
Platforms Linux and Windows
Vendor Products Box

New features

Version 2.1.0 of the Splunk Add-on for Box contains the following new features:

  • Support for a configurable disable_ssl_certificate_validation parameter.
  • Ability to identify whether Box files are publicly or privately shared.
  • Ability to enable viewing of the entire parent structure of an asset.

Fixed issues

Version 2.1.0 of the Splunk Add-on for Box fixes the following issues:


Date resolved Issue number Description
2019-06-27 ADDON-20371, ADDON-20370, ADDON-20372 Box Add-on uses packaging toolkit v1.0.0 instead of v0.8.0
2019-06-27 ADDON-21544 Default value of "Redirect URL" field in "Add Box Account" dialog
2019-02-12 ADDON-20572 HTTP 400 Bad request: "created_after is invalid since it is in the future" Date on the server is correct.

Known issues

Version 2.1.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.



Third-party software attributions

Version 2.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:

Version 2.0.0

Version 2.0.0 of the Splunk Add-on for Box was released on October 15, 2018.

The Splunk Add-on for Box version 2.0.0 introduces breaking changes. If you are upgrading from an earlier version of the Splunk Add-on for Box, you must follow the steps outlined in Upgrade the Splunk Add-on for Box to prevent data loss.

Compatibility

Version 2.0.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM 4.11
Platforms Linux and Windows
Vendor Products Box

New features

Version 2.0.0 of the Splunk Add-on for Box contains the following new features:

  • Improved alert messaging
  • Support for multiple accounts
    • To distinguish between data collected from different Box accounts, the source field contains the Box URL next to the data input name.

Fixed issues

Version 2.0.0 of the Splunk Add-on for Box fixes the following issues:


Date resolved Issue number Description
2018-09-06 ADDON-14136 Proxy info is not updating
2018-09-06 ADDON-14135 When configured through .conf files, proxy secret does not get encrypted until data input is enabled
2018-09-06 ADDON-14082 Unable to grant access on Windows
2018-08-31 ADDON-19190 box.conf.spec is missing from README folder

Known issues

Version 2.0.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2019-03-21 ADDON-21544 Default value of "Redirect URL" field in "Add Box Account" dialog
2018-12-11 ADDON-20572 HTTP 400 Bad request: "created_after is invalid since it is in the future" Date on the server is correct.
2018-11-26 ADDON-20371, ADDON-20370, ADDON-20372 Box Add-on uses packaging toolkit v1.0.0 instead of v0.8.0

Error: created_after is invalid since it is in the future

Version 2.0.0 of the Splunk Add-on for Box has a known issue with the created_after field. It switches this value after initial data ingestion. Complete the following steps to resolve this issue:

  1. From the UI of the Splunk Add-on for Box, disable your input.
  2. Delete the checkpoint file from $SPLUNK_HOME/var/lib/splunk/modinputs/box_service/.
  3. Update line 271 of $SPLUNK_HOME/etc/apps/Splunk_TA_box/bin/box_data_loader.py. It reads before = datetime.strftime(before, self.time_fmt). Replace this line with before = datetime.strftime(min(before, datetime.utcnow()), self.time_fmt).
  4. (Optional) Update your collect_since value to avoid data duplication.
  5. Enable your input again.

Third-party software attributions

Version 2.0.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:

Version 1.2.0

Version 1.2.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

About this release

Splunk platform versions 6.5.x, 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM 4.11
Platforms Linux
Vendor Products Box

This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.

New features

Version 1.2.0 of the Splunk Add-on for Box contains the following new features:

  • Support for SSL intercept mode in proxy.

Fixed issues

Version 1.2.0 of the Splunk Add-on for Box fixes the following issues.


Date resolved Issue number Description
2018-02-05 ADDON-15564 source_item_name field not extracted correctly
2018-01-31 ADDON-16795 Added log messages in ta_box.log for files that are not supported for previews

Known issues

Version 1.2.0 of the Splunk Add-on for Box has the following known issues.

If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2018-08-26 ADDON-19190 box.conf.spec is missing from README folder
2017-03-15 ADDON-14135 When configured through .conf files, proxy secret does not get encrypted until data input is enabled

Workaround:
Configure proxy through the setup page
2017-03-15 ADDON-14136 Proxy info is not updating

Workaround:
From the Box Grant page, wait several seconds before clicking "Grant access to Box".
2017-03-12 ADDON-14082 Unable to grant access on Windows

Third-party software attributions

Version 1.2.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries.

Version 1.1.1

Version 1.1.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

About this release

Version 1.1.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.4.x and later
CIM 4.1 and later
Platforms Linux
Vendor Products Box

This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.

Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.3.x and later
CIM 4.1 and later
Platforms Linux
Vendor Products Box

This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.

New features

Version 1.1.0 of the Splunk Add-on for Box fixes the following new features.

Date Issue number Description
2016/06/13 ADDON-6817 After you install the Splunk Add-on for Box on the search head, the Splunk platform no longer prompts you to perform any add-on setup, which is not required on the search head.
2016/06/09 ADDON-8414 New pre-built panel for troubleshooting API errors.
2016-06-02 ADDON-6087 The Splunk Add-on for Box now uses Box SDK for authentication, token refreshing, and auto retry on error.
2016-06-02 ADDON-9769 Adjusted the order of the Box File API calls.
2016-06-02 ADDON-8415 Prevented unnecessary Box API calls when a file does not exist.
2016-05-25 ADDON-9464 Support for Box Verified Enterprise (BVE).

Fixed issues

Version 1.1.0 of the Splunk Add-on for Box fixes the following issues.

Date resolved Issue number Description
2016-06-23 ADDON-4508 If you update the setup page and enter a start date in the wrong

format, the updates are not applied.

2016-05-25 ADDON-8987 Timestamps not extracted correctly.
2016-02-02 ADDON-7268 Unexpected error message: Failed to get box.conf.

Known issues

Version 1.1.0 of the Splunk Add-on for Box has the following known issues.

Date filed Issue number Description
2016-10-20 ADDON-11148 The Splunk Add-on for Box does not index private files and folders not owned by the admin.
2016-06-21 ADDON-10293 requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
2016-06-16 ADDON-10231 Folders with only group member assigned as Collaborator are not indexed.

Third-party software attributions

Version 1.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries.

Version 1.0.2

Version 1.0.2 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.1.x and above
CIM 4.1 and above
Platforms Linux
Vendor Products Box

Fixed issues

Version 1.0.2 of the Splunk Add-on for Box fixes the following issues.

Date resolved Issue number Description
07/08/15 ADDON-4491 Change default event historical event collection to 300 days to help prevent accidental error states and expose configuration option for this in the setup UI.
07/07/15 ADDON-3870 Improve behavior for already-configured passwords upon configuration change.
07/06/15 ADDON-4188 Add-on sets timestamp of historical enterprise events to the data collection time instead of the created_at time.
07/06/15 ADDON-3928 Missing CIM-compliant action value for Authentication data model.
07/06/15 ADDON-4459 Failed to get Enterprise events when there are more than 500 events in 20 seconds.
07/06/15 ADDON-4460 Proxy support needed in add-on conf file.

Known issues

Version 1.0.2 of the Splunk Add-on for Box has the following known issues.

Date filed Issue number Description
2016-01-30 ADDON-7646 FIPS mode is not supported by this add-on. For a workaround, see Add-ons and FIPS mode in the Splunk Add-ons manual.
2016-01-13 ADDON-5325 requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
2015/12/14 ADDON-6984 Default event collection frequency should be 120 seconds to avoid Box API rate limiting errors.
07/13/15 SPL-104020 Timezone of the timestamp in enterprise events is ignored, causing discrepancy for events that do not originate in the same timezone as the machine responsible for data collection.
07/10/15 ADDON-4508 If you update the setup page and enter a start date in the wrong format, the updates are not applied. Workaround: Enter a valid start date for Enterprise event collection to avoid reverting to the default start date (300 days ago). You can search for errors related to this by searching for eventtype=box_setup_error.
07/10/15 ADDON-4508 Updates to proxy usernames or passwords fail if both values are not updated together. Workaround: If you configure a proxy with a username and password, then later want to delete it, you must delete both the username and password values so they are both empty, then save. If you want to make changes, specify both the username and password values.
04/21/15 ADDON-3814 Clien

t secret is obfuscated, making troubleshooting more difficult.

Third-party software attributions

Version 1.0.2 of the Splunk Add-on for Box incorporates the Httplib2 Python library.

Version 1.0.1

Version 1.0.1 of the Splunk Add-on for Box has the same compatibility specifications as version 1.0.2.

Migration notes

In order to fix an issue with gathering events from the Box API, the 1.0.1 release adjusted the behavior of the event input. No specific migration activity is required as a result of these changes.

The event input now collects only one year's worth of historical events when you enable the event for the first time, instead of all events. This does not affect users upgrading from version 1.0.0. However, you can now set the date from which event data should be corrected using the configuration file. See the input configuration instructions for details.

Also, in version 1.0.1, the event input collects data in intervals of 30 seconds by default. This is a change from the previous setting of 20 seconds. Any existing event inputs set to the default interval are automatically adjusted to 30 seconds in this release. You can edit the interval at any time.

Fixed issues

Version 1.0.1 of the Splunk Add-on for Box fixed the following issue.

Date Issue number Description
05/04/15 ADDON-3870 Event gathering fails on Box API.

Known issues

Version 1.0.1 of the Splunk Add-on for Box had the following known issues.

Date Issue number Description
07/06/15 ADDON-4459 Failed to get Enterprise events when there are more than 500 events in 20 seconds.
07/06/15 ADDON-4460 Proxy support needed in add-on conf file.
06/08/15 ADDON-4188 Add-on sets timestamp of historical enterprise events to the data collection time instead of the created_at time. To search for historical data, search using the created_at field, possibly including a timezone offset conversion, for historical data.
05/05/15 ADDON-3928 Missing CIM-compliant action value for Authentication data model.
04/21/15 ADDON-3814 Client secret is obfuscated, making troubleshooting more difficult.

Third-party software attributions

Version 1.0.1 of the Splunk Add-on for Box incorporates the Httplib2 Python library.


Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Box has the same compatibility specifications as Version 1.0.1.

New features

Version 1.0.0 of the Splunk Add-on for Box had the following new features.

Date Issue number Description
03/23/15 ADDON-1389 New Splunk-supported add-on with inputs for enterprise events, file and folder metadata, collaboration information, and user and user group data, CIM mapping, and prebuilt panels.

Known issues

Version 1.0.0 of the Splunk Add-on for Box had the following known issues.

Date Issue number Description
05/05/15 ADDON-3928 Missing CIM-compliant action value for Authentication data model.
04/22/15 ADDON-3870 Event gathering fails on Box API.
04/21/15 ADDON-3814 Client secret is obfuscated, making troubleshooting more difficult.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Box incorporates the Httplib2 Python library.

Last modified on 16 November, 2021
PREVIOUS
Release notes for the Splunk Add-on for Box
  NEXT
Installation and configuration overview for the Splunk Add-on for Box

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters