All Apps and Add-ons

Ingest Zoom logs in Splunk Cloud without a Heavy Forwarder?

rh46
Engager

Is it possible to use Splunk Connect for Zoom in a managed Splunk Cloud environment without an on-prem Heavy Forwarder? As far as I'm aware, Zoom only supports webhook-based logging which isn't compatible with Splunk Cloud (for some reason). Using a Heavy Forwarder isn't an option but open to other workarounds if any exist.

Scenario is:
- Running a managed Splunk Cloud instance on version 7.2.9
- Running an Inputs Data Manager (IDM) instance on version 7.2.9
- No heavy forwarder

Labels (1)

svasani_splunk
Splunk Employee
Splunk Employee

Alternative is to use http event collector (HEC) raw endpoint directly along with allowQueryStringAuth setting. This will allow you to specify HEC token directly in the URL.

More info here https://www.splunk.com/en_us/blog/tips-and-tricks/splunking-webhooks-with-the-http-event-collector.h...

Note: On cloud you'll have to open a support ticket to set allowQueryStringAuth to true on your HEC endpoint

0 Karma

gregz00
Observer

What route did you end up going?

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...