Microsoft Teams Add-on for Splunk on a Cloud IDM

paulbannister · ‎11-24-2020

Hi All,

We have an IDM in our cloud environment and we would like to ingest data & logs from Teams with the Add-On installed there, has anyone had any success doing this or is the only way to utilise a Heavy Forwarder?

thambisetty · ‎11-25-2020

@paulbannister

Splunk IDM is basically Heavy forwarder running on Linux part of Splunk cloud subscription stack.

If any TA which is compatible to run on Linux Splunk HF then it should ideally work on Splunk IDM.

I know that Splunk support doesn't support if the TA is not marked to be compatible with Splunk Cloud. But still you could request Splunk support to install on IDM and give a try.

————————————
If this helps, give a like below.

paulbannister · ‎11-25-2020

Hi @thambisetty

I've had it installed on our IDM already and Splunk Support have stated there is no reason it shouldn't work so we have been looking to configure with no luck so far

However I've got a feeling that the issue may lie on our Teams admin side trying to configure the credentials, tokens and certs correctly for "public" access, just trying to ascertain if anyone had any success so far with this setup and what pitfalls were encountered

Microsoft Teams Add-on for Splunk on a Cloud IDM

configuration

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life