Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally

ahennewig_sva
Observer
‎07-05-2024 02:13 AM

Hi,

we are currently experiencing reliability issues when using the Microsoft Teams Add-on for Splunk  (https://splunkbase.splunk.com/app/4994😞

  1. The renewal of the Azure Subscription, which should take place every 24h does not work sometimes and will not start again unless we create new inputs (subscription, webhook, call records). I did not find an error message regarding this in the logs. We build an alert for this problem.  We use the TA from a HF in the DMZ. So it is possible that we missed a FW-rule for one of Microsofts Graph IPs. The problem does not appear in regular intervals.
  2. Rarely the webhook will crash, requiring a restart of the Splunk process. 

Has anyone experienced similar issue and has a solution to this problem?

0 Karma
Reply

bpelaia
Engager
‎05-16-2025 10:41 AM

Hi,

I got the same issue.

I wrote a small patch for the teams_subscription.py binary to solve it.

It is based on release 2.0.0.

The patch is attached as TA_MS_Teams-bruno.patch.txt.

To use it, just save the file as TA_MS_Teams-bruno.patch in the $SPLUNK_HOME/etc/apps directory and apply it using the following command in the TA_MS_Teams directory:

pelai@xps MINGW64 /d/src/TA_MS_Teams
$ patch -p1 < ../TA_MS_Teams-bruno.patch.txt
patching file bin/teams_subscription.py
pelai@xps MINGW64 /d/src/TA_MS_Teams
$

 It is possible to revert the patch at anytime just using patch with the -R parameter.

I hope this can help.

B.

Preview file
2 KB
0 Karma
Reply

marnall
Motivator
‎07-11-2024 12:55 PM

For issue 1 I have also had this problem, where the subscription just stops working and does not auto-correct.

There is a lookup in the Splunk Enterprise instance which contains subscription information. You can make a scheduled search to overwrite this lookup, and then the app will make a new subscription and the logs should come in again. 

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...

Index This | What did the zero say to the eight?

June 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...

Splunk Observability Cloud's AI Assistant in Action Series: Onboarding New Hires & ...

This is the fifth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...