Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally

ahennewig_sva
Observer
‎07-05-2024 02:13 AM

Hi,

we are currently experiencing reliability issues when using the Microsoft Teams Add-on for Splunk  (https://splunkbase.splunk.com/app/4994😞

  1. The renewal of the Azure Subscription, which should take place every 24h does not work sometimes and will not start again unless we create new inputs (subscription, webhook, call records). I did not find an error message regarding this in the logs. We build an alert for this problem.  We use the TA from a HF in the DMZ. So it is possible that we missed a FW-rule for one of Microsofts Graph IPs. The problem does not appear in regular intervals.
  2. Rarely the webhook will crash, requiring a restart of the Splunk process. 

Has anyone experienced similar issue and has a solution to this problem?

0 Karma
Reply

bpelaia
Engager
‎05-16-2025 10:41 AM

Hi,

I got the same issue.

I wrote a small patch for the teams_subscription.py binary to solve it.

It is based on release 2.0.0.

The patch is attached as TA_MS_Teams-bruno.patch.txt.

To use it, just save the file as TA_MS_Teams-bruno.patch in the $SPLUNK_HOME/etc/apps directory and apply it using the following command in the TA_MS_Teams directory:

pelai@xps MINGW64 /d/src/TA_MS_Teams
$ patch -p1 < ../TA_MS_Teams-bruno.patch.txt
patching file bin/teams_subscription.py
pelai@xps MINGW64 /d/src/TA_MS_Teams
$

 It is possible to revert the patch at anytime just using patch with the -R parameter.

I hope this can help.

B.

Preview file
2 KB
0 Karma
Reply

marnall
Motivator
‎07-11-2024 12:55 PM

For issue 1 I have also had this problem, where the subscription just stops working and does not auto-correct.

There is a lookup in the Splunk Enterprise instance which contains subscription information. You can make a scheduled search to overwrite this lookup, and then the app will make a new subscription and the logs should come in again. 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...