All Apps and Add-ons
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Re: Microsoft Teams AddOn and Splunk Cloud
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jasonabbott
Explorer
06-29-2020
12:13 PM
Hi, I'm trying to configure the Teams Add-on for Splunk (https://splunkbase.splunk.com/app/4994) on Splunk Cloud and I have gotten the UserReport working just fine, but none of the other data works. I have created a WebHook pointing to idm-xx.splunkcloud.com to ingest the CDR data, but I have received no traffic into it.
I've granted all the privileges to the Azure App that are called for in the detailed directions.
In fact, nothing but the User Reports are working. Is there a step I'm missing?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jasonabbott
Explorer
07-01-2020
05:00 AM
I got it resolved; apparently I need to learn to read better :). You can't install the Add-on in Splunk Cloud, it has to be on a heavy forwarder. Once I did that and fixed the webhook (details here: https://community.splunk.com/t5/All-Apps-and-Add-ons/Ingesting-logs-from-Microsoft-Teams/m-p/506860/...), everything is working fine! Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jasonabbott
Explorer
07-01-2020
05:00 AM
I got it resolved; apparently I need to learn to read better :). You can't install the Add-on in Splunk Cloud, it has to be on a heavy forwarder. Once I did that and fixed the webhook (details here: https://community.splunk.com/t5/All-Apps-and-Add-ons/Ingesting-logs-from-Microsoft-Teams/m-p/506860/...), everything is working fine! Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
biagiodipalma
Explorer
04-23-2021
12:37 AM
How do you extract fields at search time if the app is not installed in Splunk Cloud instance?
I'm trying to ingest data from teams: my architecture has heavy forwarders that send data to Splunk Cloud.
Does the HF index data before sending to cloud?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Bodach
Observer
05-17-2021
03:11 AM
The app can still be installed on the Splunk Cloud search head for the search time knowledge etc. You just can't use the webhook.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
biagiodipalma
Explorer
05-17-2021
05:19 AM
In the end I had to edit the app manually because it was not accepted by Splunk AppInspect: I know that the app is useful for search time knowledge etc, but it's not compliant.
This is my solution.
Get Updates on the Splunk Community!
Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...
This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Splunk Community Badges!
Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...
What You Read The Most: Splunk Lantern’s Most Popular Articles!
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
