Set up the Splunk Add-on for Box¶

Before you follow the instructions on this page to set up the Splunk Add-on for Box, be sure to obtain your client ID and client secret from Box.

Account Configuration¶

On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
Click the Configuration tab.
Click the Accounts tab. Click on Add.
Enter a name for the account in the Account Name field.

From the Auth Type drop-down menu, select the appropriate authentication flow based on your use case.

Configure OAuth 2.0 - Authorization Code Grant Type¶

It requires interactive login to Box.

In the Add Box Account dialog box, fill in the required fields:

Field	Description
Account Name	The name of your Box account.
Auth Type	The type of authentication.
Client ID	The client ID that you obtained from Box.
Client Secret	The client secret that you obtained from Box.
Redirect URL	Copy this Redirect URL and paste it into the OAuth 2.0 Redirect URI field in your Box app configuration.

Click Add. The Splunk platform opens a new window to the Box login page.
Within 30 seconds, enter your Box account credentials.
Click Grant Access to Box. If you don’t enter credentials in time, the request will time out.
(Optional) To configure multiple accounts, make sure you’re logged into the correct Box account in the same browser session. If unsure:
1. Log out of your Box account in the browser.
2. Open Splunk Web in the same browser.
3. Navigate to the Splunk Add-on for Box, and go to the Configuration tab.
4. Enter the Client ID and Client Secret of the desired Box account.
5. Click the Save button. A pop-up will ask you to log in to Box.
6. Enter your credentials.
7. Click Grant Access to Box.
8. Once the configuration is saved, repeat for other accounts as needed.

Configure OAuth 2.0 - Client Credentials Grant Type¶

It does not require user interaction.

In the Add Box Account dialog box, fill in the required fields:

Field	Description
Account Name	The name of your Box account.
Auth Type	The type of authentication.
Client ID	The client ID that you obtained from Box.
Client Secret	The client secret that you obtained from Box.
Box User ID	The Box User ID of the user.

Click Add. Splunk will use the client credentials to obtain a token without requiring a browser login.
Ensure your Box app has been authorized in the Box Admin Console under Integrations > Platform Apps Manager.

Note

If scopes, advanced settings, or access levels are changed in the Box app, it must be re-authorized in the Admin Console, and the Box account must be reconfigured in Splunk.

If you’re using a proxy, check Enable Proxy and fill in the required fields under the Configuration tab. For CLI-based configuration, see Configure a proxy using configuration files.
If authentication succeeds, the add-on securely saves the access token and refreshes it internally.If authentication fails, you may see: “Request time out while authenticating. Please try again.” Double-check the client credentials and Box app configuration, and try again.

Next, configure your inputs.

(Optional) Change logging level¶

On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
Click the Configuration tab.
Click the Logging tab.
Select a new logging level from the drop-down menu.
Click Save to save your configurations.

(Optional) Proxy setup¶

On Splunk Web, go to the Splunk Add-on for Box, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Box.
Click the Configuration tab.
Click the Proxy tab.
Check Enable and fill in the required fields.

Configure a proxy using configuration files¶

You can also configure your proxy using the configuration files. This gives you access to a few advanced options.

Create or edit $SPLUNK_HOME/etc/apps/Splunk_TA_box/local/splunk_ta_box_settings.conf.

Fill in values for your proxy using the following structure:

[box_proxy]
proxy_enabled = 0
proxy_url =
proxy_port =
proxy_username =
proxy_password =
proxy_rdns = 1
proxy_type = http

Adjust the proxy_rdns to 0 if you want to use the local machine to do a DNS lookup. Leaving it at 1 means that the DNS lookup occurs through the proxy.
Adjust the proxy_type to http_no_tunnel if that is your preference.
Enable the proxy by setting proxy_enabled to 1.

Add SSL certificate to trust lists¶

If you encounter a SSLHandshakeError:

The SSL certificate entry might be missing from your certificate store.
The Box server is configured over a self-signed certificate and isn’t present in the library’s certificate store. Follow the below steps to resolve the issue:

Download the root CA certificate used in your Box deployment.
Copy the contents of the new certificate.
Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_box.
Create a new .pem file and add the content of the new certificate. Append the new certificate content if the file is already present.
Open the local/splunk_ta_box_settings.conf file in a text editor. Create a new one if not present.

Add the ca_certs_path parameter value as below:

[additional_parameters]
ca_certs_path=/opt/splunk/etc/apps/Splunk_TA_box/custom_ca_certs.pem # <absolute path to the <certs_file>.pem file>

Save your changes.
Restart your Splunk instance.

Note

Certificates of all the Box servers configured in the add-on must be present under the .pem file, if you are using the ca_certs_path parameter as mentioned in the above steps.