All Apps and Add-ons

Microsoft Teams Add-on for Splunk on a Cloud IDM

paulbannister
Communicator

Hi All,

We have an IDM in our cloud environment and we would like to ingest data & logs from Teams with the Add-On installed there, has anyone had any success doing this or is the only way to utilise a Heavy Forwarder?

Labels (1)
0 Karma

thambisetty
Super Champion

@paulbannister 

Splunk IDM is basically Heavy forwarder running on Linux part of Splunk cloud subscription stack.

If any TA which is compatible to run on Linux Splunk HF then it should ideally work on Splunk IDM. 

I know that Splunk support doesn't support if the TA is not marked to be compatible with Splunk Cloud. But still you could request Splunk support to install on IDM and give a try.  

————————————
If this helps, give a like below.
0 Karma

paulbannister
Communicator

Hi @thambisetty 

I've had it installed on our IDM already and Splunk Support have stated there is no reason it shouldn't work so we have been looking to configure with no luck so far

However I've got a feeling that the issue may lie on our Teams admin side trying to configure the credentials, tokens and certs correctly for "public" access, just trying to ascertain if anyone had any success so far with this setup and what pitfalls were encountered

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...