Closed mbegan closed 3 years ago
What is the update on this issue?
Hello! Thanks for the Add-on!
Currently trying to get rid of the API rate warnings for the App endpoint but I am getting them whether I set the throttling threshold pct up to 90% or down to 10%. Anything I could be missing?
I usually start with trying to convince people that the app metric is almost entirely worthless.
It is ridiculously inefficient because the app API doesn't support date filters and as a result produces 100's of thousands of API calls to enumerate every application and every appUser of every application only to throw away 90% of that data and produce a "micro" object expressing the user <-> app relationship.
https://github.com/mbegan/Okta-Identity-Cloud-for-Splunk/blob/master/README/FAQ_DataTypes.md
If you want to grab the "development" branch version of the main executable input_module_okta_identity_cloud.py it seems to do a good job at avoiding the warning threshold, I just haven't had time to package and test the entire thing.
basically just download that file and use it to replace the current one.
it assumes the warning threshold is 50% (which is purposefully low) you can adjust it by defining a new value warning_threshold
to the [additional_parameters]
stanza of the local ta_okta_identity_cloud_for_splunk_settings.conf
file.
Feedback on functionality is welcome.
This is addressed in 32a95b5
To reduce the warning messages generated when this add-on is running allow the admin to define their warning threshold (a percentage of the available).
When defined adjust the rate limit algo to assume the warning level is the new limit