Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally

ahennewig_sva
Observer
‎07-05-2024 02:13 AM

Hi,

we are currently experiencing reliability issues when using the Microsoft Teams Add-on for Splunk  (https://splunkbase.splunk.com/app/4994😞

  1. The renewal of the Azure Subscription, which should take place every 24h does not work sometimes and will not start again unless we create new inputs (subscription, webhook, call records). I did not find an error message regarding this in the logs. We build an alert for this problem.  We use the TA from a HF in the DMZ. So it is possible that we missed a FW-rule for one of Microsofts Graph IPs. The problem does not appear in regular intervals.
  2. Rarely the webhook will crash, requiring a restart of the Splunk process. 

Has anyone experienced similar issue and has a solution to this problem?

0 Karma
Reply

bpelaia
Engager
‎05-16-2025 10:41 AM

Hi,

I got the same issue.

I wrote a small patch for the teams_subscription.py binary to solve it.

It is based on release 2.0.0.

The patch is attached as TA_MS_Teams-bruno.patch.txt.

To use it, just save the file as TA_MS_Teams-bruno.patch in the $SPLUNK_HOME/etc/apps directory and apply it using the following command in the TA_MS_Teams directory:

pelai@xps MINGW64 /d/src/TA_MS_Teams
$ patch -p1 < ../TA_MS_Teams-bruno.patch.txt
patching file bin/teams_subscription.py
pelai@xps MINGW64 /d/src/TA_MS_Teams
$

 It is possible to revert the patch at anytime just using patch with the -R parameter.

I hope this can help.

B.

Preview file
2 KB
0 Karma
Reply

marnall
Motivator
‎07-11-2024 12:55 PM

For issue 1 I have also had this problem, where the subscription just stops working and does not auto-correct.

There is a lookup in the Splunk Enterprise instance which contains subscription information. You can make a scheduled search to overwrite this lookup, and then the app will make a new subscription and the logs should come in again. 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...