Splunk® Supported Add-ons

Splunk Add-on for Box

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Set up the Splunk Add-on for Box

Before you follow the instructions on this page to set up the Splunk Add-on for Box, be sure to obtain your client ID and client secret from Box.

  1. On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
  2. Click the Configuration tab.
  3. Click the Accounts tab.
  4. In the Add Box Account dialogue box, fill in the required fields:
    Field Description
    Account Name The name of your Box account.
    Client ID The client ID that you obtained from Box.
    Client Secret The client secret that you obtained from Box.
    Redirect URL Copy the Redirect URL here and paste it in your app configuration of Box.
  5. To trigger OAuth 2.0 authentication, click Add. The Splunk platform opens a new window to the Box login page.
  6. Within 30 seconds, enter your credentials for the Box account that you used to obtain the client ID and client secret.
  7. Click Grant Access to Box. If you don't successfully enter credentials within 30 seconds, the request times out.
  8. (Optional) To configure multiple accounts, in the Splunk Add-on for Box, make sure that you are logged-in in to the Box account that you want to configure. If you are unsure which account you have logged-in in the Box for the same browser, perform the following steps:
    1. In a compatible web browser, navigate to your Box account, and log out of your account.
    2. In the same browser, navigate to your Splunk platform instance, and open Splunk Web.
    3. In Splunk Web, navigate to the Splunk Add-on for Box, and click on the Configuration page.
    4. Enter the client ID and client secret of your Box account.
    5. Click the "Save" button. A pop up will ask to log in into the Box account.
    6. Enter the credentials of your Box account.
    7. Click Grant Access to Box.
    8. Once the save is successful, navigate to your Box account, and repeat the process to configure any additional Box accounts.
  9. If you are using a proxy, check Enable Proxy and fill in the required fields on the Configuration tab. For instructions on configuring this through the CLI, including advanced options, see Configure a proxy using configuration files.
  10. If authentication succeeds, the add-on saves the access token and refreshes it internally. If authentication fails, you see this message: "Request time out while authenticating. Please try again." If you see this message, check your client ID and client secret are correct and try again.

Next, configure your inputs.

(Optional) Change logging level

  1. On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
  2. Click the Configuration tab.
  3. Click the Logging tab.
  4. Select a new logging level from the drop-down menu.
  5. Click Save to save your configurations.

(Optional) Proxy setup

  1. On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
  2. Click the Configuration tab.
  3. Click the Proxy tab.
  4. Check Enable and fill in the required fields.

Configure a proxy using configuration files

You can also configure your proxy using the configuration files. This gives you access to a few advanced options.

  1. Create or edit $SPLUNK_HOME/etc/apps/Splunk_TA_box/local/splunk_ta_box_settings.conf.
  2. Fill in values for your proxy using the following structure:
    [box_proxy]
    proxy_enabled = 0
    proxy_url =
    proxy_port =
    proxy_username =
    proxy_password =
    proxy_rdns = 1
    proxy_type = http
    
  3. Adjust the proxy_rdns to 0 if you want to use the local machine to do a DNS lookup. Leaving it at 1 means that the DNS lookup occurs through the proxy.
  4. Adjust the proxy_type to http_no_tunnel if that is your preference.
  5. Enable the proxy by setting proxy_enabled to 1.

Add SSL certificate to trust lists

Perform the following search to check whether SSL certificate validation is failing for the Splunk Add-on for Box:

  1. index="_internal" source=*box* CERTIFICATE_VERIFY_FAILED

  2. Check whether you see this warning message:
    [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.
    
  3. If you see this message, you need to add your Box certificate to your $SPLUNK_HOME/etc/apps/Splunk_TA_box/lib/httplib2/cacerts.txt and $SPLUNK_HOME/etc/apps/Splunk_TA_box/lib/certifi/cacert.pem files by following these steps:
  4. Navigate to https://apps.box.com.
  5. Download the certificate from your browser.
  6. Copy the downloaded certificate into the beginning of the $SPLUNK_HOME/etc/apps/Splunk_TA_box/lib/certifi/cacert.pem without deleting anything in the files.
  7. Save the files.
  8. Restart your Splunk platform.
  9. Check whether Box data ingestion is now working.

SSL certificates are overwritten to the default setting when you upgrade the Splunk Add-on for Box. Repeat these steps when you upgrade to newer versions of this add-on.

Last modified on 16 November, 2021
PREVIOUS
Configure credentials on Box for the Splunk Add-on for Box
  NEXT
Configure inputs for the Splunk Add-on for Box

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters