All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Microsoft Teams Call Overview - Unable to see any logs?

Jmichalskisrt
New Member
‎10-28-2020 07:51 AM

My company is currently using splunk to grab all office365 logs. We are currently having issues with teams. I can see most data, When I go to teams call overview I'm unable too see any logs.  

sourcetype=m365:teams:callRecord - Should we be able to see this?  Im not getting any logs from this source type. Any help would be appreciated.

splunk.PNG

Labels (2)
Labels
0 Karma
Reply

SinghK
Builder
‎06-07-2021 04:32 AM

The sourcetype you are looking for comes from https://splunkbase.splunk.com/app/4994/

splunk addon for msteams

you can configure this using this article.

https://idp.login.splunk.com/app/splunk-ext_wwwaem_1/exk9jrrdivHzSWhlX2p7/sso/saml 

hope this helps..

0 Karma
Reply

SinghK
Builder
‎06-04-2021 12:45 AM

I recently started the msteams integration with splunk. call records  data came in for a day then it stopped. but i think it has something to do with subscription. As when i checked the subscription logs it was giving an error 404 page not found. seems like an issue on MS end but still trying to figure it out.

0 Karma
Reply

norbertt911
Path Finder
‎08-30-2022 04:47 AM

Hi,

The same thing happened to me. Did you find the solution? Delete/reenter the subscription input solves it, but this is not a long-term solution. If the call record feed stops the events will be lost in space - No way to fetch "historical" events...

0 Karma
Reply

Jmichalskisrt
New Member
‎10-28-2020 12:04 PM

I will try though, I see that there is no sourcetype=m365:teams:callRecord. I figured there would be since this is the out of the box splunk addin for o365. 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-28-2020 08:50 AM

If you're not ingesting data of a particular sourcetype then dashboards which use that sourcetype will be empty.  There are some ways to correct that: 1) onboard the expected data; 2) modify the dashboard to use the sourcetype you have; 3) change your onboarding to ingest the data as the expected sourcetype.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

sirhc505
Observer
‎12-07-2020 07:32 PM

I believe the issue may lie in how the Add-on is either written or Microsoft changed something. On October 27th I stopped receiving the data that would populate that dashboard. Either through re-setting up the agent or creating a new Service account in Azure I have been unsuccessful in getting that data from Office 365. 

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...