- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Has anybody here ever cracked the nut on how to send Splunk messages triggered by an alert to a Microsoft Teams "chat" (not a Teams channel)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @tlmayes,
What have you tried so far? If you already have a Microsoft 365 identity that represents your Splunk instance, grant the user or application the necessary Graph API permissions (Chat.ReadBasic and ChatMessage.Send for a user or Chat.ReadBasic.All and Teamwork.Migrate.All for an application), add the identity to a chat, and give the chat a unique name, e.g. "Splunk."
The basic process should be:
- Authenticate (https://learn.microsoft.com/en-us/graph/auth/auth-concepts).
- Find the chat by name by enumerating chats (https://learn.microsoft.com/en-us/graph/api/chat-list).
- Send a message to the chat (https://learn.microsoft.com/en-us/graph/api/chat-post-messages).
I don't have an enterprise Microsoft 365 account myself, but I can help you develop an alert action script here if you don't already have something started.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks.... this was the only path we found to work as well. Appreciate the confirmation
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @tlmayes,
What have you tried so far? If you already have a Microsoft 365 identity that represents your Splunk instance, grant the user or application the necessary Graph API permissions (Chat.ReadBasic and ChatMessage.Send for a user or Chat.ReadBasic.All and Teamwork.Migrate.All for an application), add the identity to a chat, and give the chat a unique name, e.g. "Splunk."
The basic process should be:
- Authenticate (https://learn.microsoft.com/en-us/graph/auth/auth-concepts).
- Find the chat by name by enumerating chats (https://learn.microsoft.com/en-us/graph/api/chat-list).
- Send a message to the chat (https://learn.microsoft.com/en-us/graph/api/chat-post-messages).
I don't have an enterprise Microsoft 365 account myself, but I can help you develop an alert action script here if you don't already have something started.
