All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Ingest Zoom logs in Splunk Cloud without a Heavy Forwarder?

rh46
Engager
‎04-23-2020 05:51 PM

Is it possible to use Splunk Connect for Zoom in a managed Splunk Cloud environment without an on-prem Heavy Forwarder? As far as I'm aware, Zoom only supports webhook-based logging which isn't compatible with Splunk Cloud (for some reason). Using a Heavy Forwarder isn't an option but open to other workarounds if any exist.

Scenario is:
- Running a managed Splunk Cloud instance on version 7.2.9
- Running an Inputs Data Manager (IDM) instance on version 7.2.9
- No heavy forwarder

Labels (1)
Labels
Reply

svasani_splunk
Splunk Employee
Splunk Employee
‎07-15-2020 09:25 AM

Alternative is to use http event collector (HEC) raw endpoint directly along with allowQueryStringAuth setting. This will allow you to specify HEC token directly in the URL.

More info here https://www.splunk.com/en_us/blog/tips-and-tricks/splunking-webhooks-with-the-http-event-collector.h...

Note: On cloud you'll have to open a support ticket to set allowQueryStringAuth to true on your HEC endpoint

0 Karma
Reply

gregz00
Observer
‎07-02-2020 12:00 PM

What route did you end up going?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...