Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Microsoft Teams Add-on for Splunk Azure Subscription creation/update failing occasionally

ahennewig_sva
Observer
‎07-05-2024 02:13 AM

Hi,

we are currently experiencing reliability issues when using the Microsoft Teams Add-on for Splunk  (https://splunkbase.splunk.com/app/4994😞

  1. The renewal of the Azure Subscription, which should take place every 24h does not work sometimes and will not start again unless we create new inputs (subscription, webhook, call records). I did not find an error message regarding this in the logs. We build an alert for this problem.  We use the TA from a HF in the DMZ. So it is possible that we missed a FW-rule for one of Microsofts Graph IPs. The problem does not appear in regular intervals.
  2. Rarely the webhook will crash, requiring a restart of the Splunk process. 

Has anyone experienced similar issue and has a solution to this problem?

Labels (1)
Labels
0 Karma
Reply

marnall
Motivator
‎07-11-2024 12:55 PM

For issue 1 I have also had this problem, where the subscription just stops working and does not auto-correct.

There is a lookup in the Splunk Enterprise instance which contains subscription information. You can make a scheduled search to overwrite this lookup, and then the app will make a new subscription and the logs should come in again. 

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...