You have to configure the webhook input as described in the shared dcos. Launch the Microsoft Teams Add-on for Splunk. Select Inputs > Create New Input > Teams Webhook. Have you done it? If not create the input first and then: The webhook address will be available via the internal ip on the instance where you've configured the webhook and you have to use the port that you've configured during the webhook setup. curl <internal_ip_of_your_splunk_instance>:<the_configured_port> -d '{"value": "test"}' For an initial test you could execute the curl on the same instance where you've configured the webhook. curl 127.0.0.1:<the_configured_port> -d '{"value": "test"}' To make the webhook address publicly accessible there are different ways of course as mentioned in the documentation The webhook must be a publicly accessible, HTTPS-secured endpoint that is addressable via a URL. You have two options to set up the Splunk instance running the Teams add-on. You can make it publicly accessible via HTTPS. Or you can use a load balancer, reverse proxy, tunnel, etc. in front of your Splunk instance running the add-on. The second option here can be preferable if you don't want to expose the Splunk heavy forwarder to the internet, as the public traffic terminates at that demarcation and then continues on internally to the Splunk heavy forwarder.
... View more