Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally

ahennewig_sva
Observer
‎07-05-2024 02:13 AM

Hi,

we are currently experiencing reliability issues when using the Microsoft Teams Add-on for Splunk  (https://splunkbase.splunk.com/app/4994😞

  1. The renewal of the Azure Subscription, which should take place every 24h does not work sometimes and will not start again unless we create new inputs (subscription, webhook, call records). I did not find an error message regarding this in the logs. We build an alert for this problem.  We use the TA from a HF in the DMZ. So it is possible that we missed a FW-rule for one of Microsofts Graph IPs. The problem does not appear in regular intervals.
  2. Rarely the webhook will crash, requiring a restart of the Splunk process. 

Has anyone experienced similar issue and has a solution to this problem?

0 Karma
Reply

bpelaia
Engager
‎05-16-2025 10:41 AM

Hi,

I got the same issue.

I wrote a small patch for the teams_subscription.py binary to solve it.

It is based on release 2.0.0.

The patch is attached as TA_MS_Teams-bruno.patch.txt.

To use it, just save the file as TA_MS_Teams-bruno.patch in the $SPLUNK_HOME/etc/apps directory and apply it using the following command in the TA_MS_Teams directory:

pelai@xps MINGW64 /d/src/TA_MS_Teams
$ patch -p1 < ../TA_MS_Teams-bruno.patch.txt
patching file bin/teams_subscription.py
pelai@xps MINGW64 /d/src/TA_MS_Teams
$

 It is possible to revert the patch at anytime just using patch with the -R parameter.

I hope this can help.

B.

Preview file
2 KB
0 Karma
Reply

marnall
Motivator
‎07-11-2024 12:55 PM

For issue 1 I have also had this problem, where the subscription just stops working and does not auto-correct.

There is a lookup in the Splunk Enterprise instance which contains subscription information. You can make a scheduled search to overwrite this lookup, and then the app will make a new subscription and the logs should come in again. 

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...