Ingest Zoom logs in Splunk Cloud without a Heavy Forwarder?

rh46
Engager

Is it possible to use Splunk Connect for Zoom in a managed Splunk Cloud environment without an on-prem Heavy Forwarder? As far as I'm aware, Zoom only supports webhook-based logging, which isn't compatible with Splunk Cloud (for some reason). Using a Heavy Forwarder isn't an option, but I'm open to other workarounds if any exist.

Scenario is:
- Running a managed Splunk Cloud instance on version 7.2.9
- Running an Inputs Data Manager (IDM) instance on version 7.2.9
- No heavy forwarder

svasani_splunk
Splunk Employee

An alternative is to use the HTTP Event Collector (HEC) raw endpoint directly, along with the allowQueryStringAuth setting. This will allow you to specify the HEC token directly in the URL.

More info here https://www.splunk.com/en_us/blog/tips-and-tricks/splunking-webhooks-with-the-http-event-collector.h...

Note: On cloud you'll have to open a support ticket to set allowQueryStringAuth to true on your HEC endpoint

0 Karma
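
With allowQueryStringAuth enabled as described in the answer above, the HEC token travels in the webhook URL, so it also appears anywhere that URL is logged. The following is an added example, not part of the original thread or Splunk's own code: it builds a raw-endpoint URL with the token in the query string and masks that token in log lines. The host, port, token value, `sourcetype` value and sample log line are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

HEC_RAW_PATH = "/services/collector/raw"

def build_webhook_url(host, token, port=8088, **params):
    """Return the URL to give the webhook sender; the token rides in the query."""
    query = urlencode({"token": token, **params})
    return urlunsplit(("https", f"{host}:{port}", HEC_RAW_PATH, query, ""))

def redact_url(url):
    """Mask the token parameter of a HEC URL, leaving other parameters intact."""
    parts = urlsplit(url)
    if not parts.path.startswith("/services/collector"):
        return url  # not a HEC endpoint, leave untouched
    pairs = [(k, "REDACTED" if k.lower() == "token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

# Matches absolute URLs or bare request paths that hit the collector endpoint.
_HEC_URL = re.compile(r"(?:https?://[^\s\"']+)?/services/collector[^\s\"']*")

def redact_line(line):
    """Scrub HEC tokens from one line of a proxy, load balancer or app log."""
    return _HEC_URL.sub(lambda m: redact_url(m.group(0)), line)

if __name__ == "__main__":
    # Constructed values for illustration only.
    token = "00000000-0000-0000-0000-000000000000"
    url = build_webhook_url("hec.example.com", token, sourcetype="zoom")
    print(url)
    sample = ('203.0.113.7 - - [01/Jan/2020:00:00:00 +0000] '
              f'"POST {HEC_RAW_PATH}?token={token}&sourcetype=zoom HTTP/1.1" 200 27')
    print(redact_line(sample))
    print(redact_line(f"forwarding webhook to {url}"))
```
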

gregz00
Observer

What route did you end up going?

0 Karma