Splunk® Supported Add-ons

Splunk Add-on for Box

Download manual as PDF

Download topic as PDF

Release history for the Splunk Add-on for Box

Latest release

The latest version of the Splunk Add-on for Box is version 2.1.0. See Release notes for the Splunk Add-on for Box for the release notes of this latest version.

Version 2.0.0

Version 2.0.0 of the Splunk Add-on for Box was released on October 15, 2018.

The Splunk Add-on for Box version 2.0.0 introduces breaking changes. If you are upgrading from an earlier version of the Splunk Add-on for Box, you must follow the steps outlined in Upgrade the Splunk Add-on for Box to prevent data loss.

Compatibility

Version 2.0.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM 4.11
Platforms Linux and Windows
Vendor Products Box

New features

Version 2.0.0 of the Splunk Add-on for Box contains the following new features:

  • Improved alert messaging
  • Support for multiple accounts
    • To distinguish between data collected from different Box accounts, the source field contains the Box URL next to the data input name.

Fixed issues

Version 2.0.0 of the Splunk Add-on for Box fixes the following issues:

Date resolved Issue number Description
2018-09-06 ADDON-14136 Proxy info is not updating
2018-09-06 ADDON-14135 When configured through .conf files, proxy secret does not get encrypted until data input is enabled
2018-09-06 ADDON-14082 Unable to grant access on Windows
2018-08-31 ADDON-19190 box.conf.spec is missing from README folder

Known issues

Version 2.0.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported:

Date filed Issue number Description
2019-03-21 ADDON-21544 Default value of "Redirect URL" field in "Add Box Account" dialog
2018-12-11 ADDON-20572 HTTP 400 Bad request: "created_after is invalid since it is in the future" Date on the server is correct.
2018-11-26 ADDON-20371, ADDON-20370, ADDON-20372 Box Add-on uses packaging toolkit v1.0.0 instead of v0.8.0

Error: created_after is invalid since it is in the future

Version 2.0.0 of the Splunk Add-on for Box has a known issue with the created_after field. It switches this value after initial data ingestion. Complete the following steps to resolve this issue:

  1. From the UI of the Splunk Add-on for Box, disable your input.
  2. Delete the checkpoint file from $SPLUNK_HOME/var/lib/splunk/modinputs/box_service/.
  3. Update line 271 of $SPLUNK_HOME/etc/apps/Splunk_TA_box/bin/box_data_loader.py. It reads before = datetime.strftime(before, self.time_fmt). Replace this line with before = datetime.strftime(min(before, datetime.utcnow()), self.time_fmt).
  4. (Optional) Update your collect_since value to avoid data duplication.
  5. Enable your input again.

Third-party software attributions

Version 2.0.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:


Version 1.2.0

Version 1.2.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

About this release

Splunk platform versions 6.5.x, 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM 4.11
Platforms Linux
Vendor Products Box

This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.

New features

Version 1.2.0 of the Splunk Add-on for Box contains the following new features:

  • Support for SSL intercept mode in proxy.

Fixed issues

Version 1.2.0 of the Splunk Add-on for Box fixes the following issues.

Date resolved Issue number Description
2018-02-05 ADDON-15564 source_item_name field not extracted correctly
2018-01-31 ADDON-16795 Added log messages in ta_box.log for files that are not supported for previews

Known issues

Version 1.2.0 of the Splunk Add-on for Box has the following known issues.

If no issues appear below, no issues have yet been reported.

Date filed Issue number Description
2018-08-26 ADDON-19190 box.conf.spec is missing from README folder
2017-03-15 ADDON-14135 When configured through .conf files, proxy secret does not get encrypted until data input is enabled

Workaround:
Configure proxy through the setup page
2017-03-15 ADDON-14136 Proxy info is not updating

Workaround:
From the Box Grant page, wait several seconds before clicking "Grant access to Box".
2017-03-12 ADDON-14082 Unable to grant access on Windows

Third-party software attributions

Version 1.2.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries.

Version 1.1.1

Version 1.1.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

About this release

Version 1.1.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.4.x and later
CIM 4.1 and later
Platforms Linux
Vendor Products Box

This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.

Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.3.x and later
CIM 4.1 and later
Platforms Linux
Vendor Products Box

This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.

New features

Version 1.1.0 of the Splunk Add-on for Box fixes the following new features.

Date Issue number Description
2016/06/13 ADDON-6817 After you install the Splunk Add-on for Box on the search head, the Splunk platform no longer prompts you to perform any add-on setup, which is not required on the search head.
2016/06/09 ADDON-8414 New pre-built panel for troubleshooting API errors.
2016-06-02 ADDON-6087 The Splunk Add-on for Box now uses Box SDK for authentication, token refreshing, and auto retry on error.
2016-06-02 ADDON-9769 Adjusted the order of the Box File API calls.
2016-06-02 ADDON-8415 Prevented unnecessary Box API calls when a file does not exist.
2016-05-25 ADDON-9464 Support for Box Verified Enterprise (BVE).

Fixed issues

Version 1.1.0 of the Splunk Add-on for Box fixes the following issues.

Date resolved Issue number Description
2016-06-23 ADDON-4508 If you update the setup page and enter a start date in the wrong

format, the updates are not applied.

2016-05-25 ADDON-8987 Timestamps not extracted correctly.
2016-02-02 ADDON-7268 Unexpected error message: Failed to get box.conf.

Known issues

Version 1.1.0 of the Splunk Add-on for Box has the following known issues.

Date filed Issue number Description
2016-10-20 ADDON-11148 The Splunk Add-on for Box does not index private files and folders not owned by the admin.
2016-06-21 ADDON-10293 requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
2016-06-16 ADDON-10231 Folders with only group member assigned as Collaborator are not indexed.

Third-party software attributions

Version 1.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries.

Version 1.0.2

Version 1.0.2 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.1.x and above
CIM 4.1 and above
Platforms Linux
Vendor Products Box

Fixed issues

Version 1.0.2 of the Splunk Add-on for Box fixes the following issues.

Date resolved Issue number Description
07/08/15 ADDON-4491 Change default event historical event collection to 300 days to help prevent accidental error states and expose configuration option for this in the setup UI.
07/07/15 ADDON-3870 Improve behavior for already-configured passwords upon configuration change.
07/06/15 ADDON-4188 Add-on sets timestamp of historical enterprise events to the data collection time instead of the created_at time.
07/06/15 ADDON-3928 Missing CIM-compliant action value for Authentication data model.
07/06/15 ADDON-4459 Failed to get Enterprise events when there are more than 500 events in 20 seconds.
07/06/15 ADDON-4460 Proxy support needed in add-on conf file.

Known issues

Version 1.0.2 of the Splunk Add-on for Box has the following known issues.

Date filed Issue number Description
2016-01-30 ADDON-7646 FIPS mode is not supported by this add-on. For a workaround, see Add-ons and FIPS mode in the Splunk Add-ons manual.
2016-01-13 ADDON-5325 requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
2015/12/14 ADDON-6984 Default event collection frequency should be 120 seconds to avoid Box API rate limiting errors.
07/13/15 SPL-104020 Timezone of the timestamp in enterprise events is ignored, causing discrepancy for events that do not originate in the same timezone as the machine responsible for data collection.
07/10/15 ADDON-4508 If you update the setup page and enter a start date in the wrong format, the updates are not applied. Workaround: Enter a valid start date for Enterprise event collection to avoid reverting to the default start date (300 days ago). You can search for errors related to this by searching for eventtype=box_setup_error.
07/10/15 ADDON-4508 Updates to proxy usernames or passwords fail if both values are not updated together. Workaround: If you configure a proxy with a username and password, then later want to delete it, you must delete both the username and password values so they are both empty, then save. If you want to make changes, specify both the username and password values.
04/21/15 ADDON-3814 Clien

t secret is obfuscated, making troubleshooting more difficult.

Third-party software attributions

Version 1.0.2 of the Splunk Add-on for Box incorporates the Httplib2 Python library.

Version 1.0.1

Version 1.0.1 of the Splunk Add-on for Box has the same compatibility specifications as version 1.0.2.

Migration notes

In order to fix an issue with gathering events from the Box API, the 1.0.1 release adjusted the behavior of the event input. No specific migration activity is required as a result of these changes.

The event input now collects only one year's worth of historical events when you enable the event for the first time, instead of all events. This does not affect users upgrading from version 1.0.0. However, you can now set the date from which event data should be corrected using the configuration file. See the input configuration instructions for details.

Also, in version 1.0.1, the event input collects data in intervals of 30 seconds by default. This is a change from the previous setting of 20 seconds. Any existing event inputs set to the default interval are automatically adjusted to 30 seconds in this release. You can edit the interval at any time.

Fixed issues

Version 1.0.1 of the Splunk Add-on for Box fixed the following issue.

Date Issue number Description
05/04/15 ADDON-3870 Event gathering fails on Box API.

Known issues

Version 1.0.1 of the Splunk Add-on for Box had the following known issues.

Date Issue number Description
07/06/15 ADDON-4459 Failed to get Enterprise events when there are more than 500 events in 20 seconds.
07/06/15 ADDON-4460 Proxy support needed in add-on conf file.
06/08/15 ADDON-4188 Add-on sets timestamp of historical enterprise events to the data collection time instead of the created_at time. To search for historical data, search using the created_at field, possibly including a timezone offset conversion, for historical data.
05/05/15 ADDON-3928 Missing CIM-compliant action value for Authentication data model.
04/21/15 ADDON-3814 Client secret is obfuscated, making troubleshooting more difficult.

Third-party software attributions

Version 1.0.1 of the Splunk Add-on for Box incorporates the Httplib2 Python library.


Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Box has the same compatibility specifications as Version 1.0.1.

New features

Version 1.0.0 of the Splunk Add-on for Box had the following new features.

Date Issue number Description
03/23/15 ADDON-1389 New Splunk-supported add-on with inputs for enterprise events, file and folder metadata, collaboration information, and user and user group data, CIM mapping, and prebuilt panels.

Known issues

Version 1.0.0 of the Splunk Add-on for Box had the following known issues.

Date Issue number Description
05/05/15 ADDON-3928 Missing CIM-compliant action value for Authentication data model.
04/22/15 ADDON-3870 Event gathering fails on Box API.
04/21/15 ADDON-3814 Client secret is obfuscated, making troubleshooting more difficult.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Box incorporates the Httplib2 Python library.

PREVIOUS
Release notes for the Splunk Add-on for Box
  NEXT
Installation and configuration overview for the Splunk Add-on for Box

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters