All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft Teams Call Overview - Unable to see any logs?

Jmichalskisrt
New Member
‎10-28-2020 07:51 AM

My company is currently using splunk to grab all office365 logs. We are currently having issues with teams. I can see most data, When I go to teams call overview I'm unable too see any logs.  

sourcetype=m365:teams:callRecord - Should we be able to see this?  Im not getting any logs from this source type. Any help would be appreciated.

splunk.PNG

Labels (2)
Labels
0 Karma
Reply

SinghK
Builder
‎06-07-2021 04:32 AM

The sourcetype you are looking for comes from https://splunkbase.splunk.com/app/4994/

splunk addon for msteams

you can configure this using this article.

https://idp.login.splunk.com/app/splunk-ext_wwwaem_1/exk9jrrdivHzSWhlX2p7/sso/saml 

hope this helps..

0 Karma
Reply

SinghK
Builder
‎06-04-2021 12:45 AM

I recently started the msteams integration with splunk. call records  data came in for a day then it stopped. but i think it has something to do with subscription. As when i checked the subscription logs it was giving an error 404 page not found. seems like an issue on MS end but still trying to figure it out.

0 Karma
Reply

norbertt911
Communicator
‎08-30-2022 04:47 AM

Hi,

The same thing happened to me. Did you find the solution? Delete/reenter the subscription input solves it, but this is not a long-term solution. If the call record feed stops the events will be lost in space - No way to fetch "historical" events...

0 Karma
Reply

Jmichalskisrt
New Member
‎10-28-2020 12:04 PM

I will try though, I see that there is no sourcetype=m365:teams:callRecord. I figured there would be since this is the out of the box splunk addin for o365. 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-28-2020 08:50 AM

If you're not ingesting data of a particular sourcetype then dashboards which use that sourcetype will be empty.  There are some ways to correct that: 1) onboard the expected data; 2) modify the dashboard to use the sourcetype you have; 3) change your onboarding to ingest the data as the expected sourcetype.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

sirhc505
Observer
‎12-07-2020 07:32 PM

I believe the issue may lie in how the Add-on is either written or Microsoft changed something. On October 27th I stopped receiving the data that would populate that dashboard. Either through re-setting up the agent or creating a new Service account in Azure I have been unsuccessful in getting that data from Office 365. 

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...