Hi,
I'm following this article in an attempt to ingest Teams data into Splunk and I need some help with testing the webhook - can someone confirm what the webhook URL is?
curl WEBHOOK_ADDRESS -d '{"value": "test"}'
Also, looking at the documentation for the Teams Add-on for Splunk it states that "the Teams Webhook is not available for Splunk Cloud installations." - has anyone found an alternative solution for Cloud Deployments?
We use Splunk in a hybrid (cloud + on prem) environment.
Many thanks.
The following article answered all my questions:
https://community.splunk.com/t5/All-Apps-and-Add-ons/Ingesting-logs-from-Microsoft-Teams/m-p/506702
Thanks.
Thanks Paul,
The Microsoft Teams Add-on for Splunk includes a Microsoft Teams-specific webhook that I've configured, but the documentation (link above) does not include the webhook URL for me to test, which is what I'm after.

Okay, so you've already defined a webhook address that is pointing directly to your data collection node or any load balancer, reverse proxy, or tunnel in front.
Then replace the WEBHOOK_ADDRESS placeholder with your defined webhook address and execute the curl command.
The test is successful if your test event is searchable with
sourcetype="m365:webhook"
Hi Paul,
Unfortunately I didn't get that far - when I created a new input in Splunk - add Teams Webhook, there's no option to specify the URL, as per the screenshot attached. So I'm not sure where/how the webhook needs to be defined.

Ahh, got it. You have to define 3 different inputs:
1. Create a Teams Webhook input
2. Create a Teams Subscription input
3. Create a Teams Call Record input
As described in the details of Microsoft Teams Add-on for Splunk | Splunkbase.
In the Subscription input you can define the Webhook URL.
You must provide the webhook address that you wanna call from Microsoft Teams. How you do the configuration on Microsoft Teams is described here: Create and add an outgoing webhook in Teams - Microsoft Support
Regarding Splunk Cloud the documentation recommends Azure Function as an alternative:
Note: The Teams Webhook is not available for Splunk Cloud installations. Consider Azure Functions as an alternative.
