Hi All,
We have an IDM in our cloud environment and we would like to ingest data & logs from Teams with the Add-On installed there, has anyone had any success doing this or is the only way to utilise a Heavy Forwarder?
Splunk IDM is basically Heavy forwarder running on Linux part of Splunk cloud subscription stack.
If any TA which is compatible to run on Linux Splunk HF then it should ideally work on Splunk IDM.
I know that Splunk support doesn't support if the TA is not marked to be compatible with Splunk Cloud. But still you could request Splunk support to install on IDM and give a try.
Hi @thambisetty
I've had it installed on our IDM already and Splunk Support have stated there is no reason it shouldn't work so we have been looking to configure with no luck so far
However I've got a feeling that the issue may lie on our Teams admin side trying to configure the credentials, tokens and certs correctly for "public" access, just trying to ascertain if anyone had any success so far with this setup and what pitfalls were encountered