All Apps and Add-ons

Microsoft Teams Call Overview - Unable to see any logs?

Jmichalskisrt
New Member

My company is currently using splunk to grab all office365 logs. We are currently having issues with teams. I can see most data, When I go to teams call overview I'm unable too see any logs.  

sourcetype=m365:teams:callRecord - Should we be able to see this?  Im not getting any logs from this source type. Any help would be appreciated.

splunk.PNG

Labels (2)
0 Karma

SinghK
Builder

The sourcetype you are looking for comes from https://splunkbase.splunk.com/app/4994/

splunk addon for msteams

you can configure this using this article.

https://idp.login.splunk.com/app/splunk-ext_wwwaem_1/exk9jrrdivHzSWhlX2p7/sso/saml 

hope this helps..

0 Karma

SinghK
Builder

I recently started the msteams integration with splunk. call records  data came in for a day then it stopped. but i think it has something to do with subscription. As when i checked the subscription logs it was giving an error 404 page not found. seems like an issue on MS end but still trying to figure it out.

0 Karma

norbertt911
Path Finder

Hi,

The same thing happened to me. Did you find the solution? Delete/reenter the subscription input solves it, but this is not a long-term solution. If the call record feed stops the events will be lost in space - No way to fetch "historical" events...

0 Karma

Jmichalskisrt
New Member

I will try though, I see that there is no sourcetype=m365:teams:callRecord. I figured there would be since this is the out of the box splunk addin for o365. 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

If you're not ingesting data of a particular sourcetype then dashboards which use that sourcetype will be empty.  There are some ways to correct that: 1) onboard the expected data; 2) modify the dashboard to use the sourcetype you have; 3) change your onboarding to ingest the data as the expected sourcetype.

---
If this reply helps you, Karma would be appreciated.
0 Karma

sirhc505
Observer

I believe the issue may lie in how the Add-on is either written or Microsoft changed something. On October 27th I stopped receiving the data that would populate that dashboard. Either through re-setting up the agent or creating a new Service account in Azure I have been unsuccessful in getting that data from Office 365. 

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...