cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
jasonabbott
Explorer
Member since: ‎06-29-2020
‎08-06-2020
Community Statistics
Posts 8
Solutions 2
Karma Given 1
Karma Received 4
Member Since ‎06-29-2020
Activity Feed
View All

Re: Ingesting logs from Microsoft Teams

by in All Apps and Add-ons
‎08-03-2020 06:34 AM
1 Karma
‎08-03-2020 06:34 AM
1 Karma
I see the confusion!  The "Name" of the webhook is just for internal use.  The name you use for the "Webhook URL" in the Teams Subscription is https://<serverwhereaddonisrunning>:<port> Make sure, as I said, that https://<serverwhereaddonisrunning>:<port> is available from the MSFT internet ranges! ... View more

Re: Ingesting logs from Microsoft Teams

by in All Apps and Add-ons
‎07-30-2020 09:20 AM
1 Karma
‎07-30-2020 09:20 AM
1 Karma
That's correct, my cert is on the HF only.  The firewall between the two is a fairly "stupid" setup in that it only allows port/protocol and doesn't do traffic inspection. ... View more

Re: Ingesting logs from Microsoft Teams

by in All Apps and Add-ons
‎07-30-2020 08:53 AM
‎07-30-2020 08:53 AM
So, a quick couple of things: 1) Your webhook needs to talk HTTPS, it doesn't need to be on 443.  My test, for instance, is on port 4443. 2) My webhook has allow from all for the moment, but I am working on tightening it down to microsoft's network ranges (see this page: https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges).  If it stops working when I change my ACL, I will post here. **EDIT** I updated my ACL to only use the ranges listed in the post above (13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16, 150.171.32.0/22, 191.234.140.0/22, 204.79.197.215/32) and my CDR's are still flowing correctly.  I will check tomorrow to make sure my user details are still flowing correctly.   **EDIT #2** Verified this morning that all my user data is flowing correctly into the TA. ... View more

Re: Ingesting logs from Microsoft Teams

by in All Apps and Add-ons
‎07-01-2020 07:25 AM
‎07-01-2020 07:25 AM
Exactly!  Once I did that I have data not only in the Remote Work Insights app, but also in the M365 Teams section.  ... View more

Re: Microsoft Teams AddOn and Splunk Cloud

by in All Apps and Add-ons
‎07-01-2020 05:00 AM
‎07-01-2020 05:00 AM
I got it resolved; apparently I need to learn to read better :). You can't install the Add-on in Splunk Cloud, it has to be on a heavy forwarder.  Once I did that and fixed the webhook (details here: https://community.splunk.com/t5/All-Apps-and-Add-ons/Ingesting-logs-from-Microsoft-Teams/m-p/506860/highlight/true#M62281), everything is working fine!  Thanks! ... View more

Re: Ingesting logs from Microsoft Teams

by in All Apps and Add-ons
‎07-01-2020 04:58 AM
2 Karma
‎07-01-2020 04:58 AM
2 Karma
Having literally just gone through this, I'll try to help!  What was broken for me (and giving the same headache) sounds like exactly what you're seeing. If you're getting user reports then your app is correct and the permissions are correct.  What is broken is your either your subscription, webhook, or CDR.  For me, it was the webhook/subscription because they both are interconnected. First, the Webhook.  The webook has to live on the HF where the Add-on is installed.  The port you give it must be accessible from the public internet (because that's how teams works) and MUST be SSL.  Otherwise nothing will work.  Easiest way to test is to go to the public IP address (from something on the internet) and test https://<webhookName>:<portdefined> and you should get: {"success": true} My config looks like this:                 When I got my webhook URL (via https, hostname, port) I get a success. Once that's done, you configure the Subscription to reference the correct webhook URL. After that, data should start flowing.   Hope this helps, hit me up if you need more help with it! ... View more

Re: RWI Executive dashboard

by in All Apps and Add-ons
‎06-30-2020 04:31 AM
‎06-30-2020 04:31 AM
Make sure you installed the add-on for RWI also; if you don't have both it errors like you're seeing. https://splunkbase.splunk.com/app/5063/ is the Add-on You also then need any sort of Add-On's for your tech stack; like the Zoom Add-on (https://splunkbase.splunk.com/app/4961/) or the Microsoft Teams Add-on (https://splunkbase.splunk.com/app/4994).   ... View more

Microsoft Teams AddOn and Splunk Cloud

by in All Apps and Add-ons
‎06-29-2020 12:13 PM
‎06-29-2020 12:13 PM
Hi, I'm trying to configure the Teams Add-on for Splunk (https://splunkbase.splunk.com/app/4994) on Splunk Cloud and I have gotten the UserReport working just fine, but none of the other data works.  I have created a WebHook pointing to idm-xx.splunkcloud.com to ingest the CDR data, but I have received no traffic into it. I've granted all the privileges to the Azure App that are called for in the detailed directions.   In fact, nothing but the User Reports are working.  Is there a step I'm missing?   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-06-2020 05:00 PM
Karma from
View All
Karma given to
View All