This add-on collects data from Microsoft Teams including the following:
Splunk platform versions: 7.3 and later
Unless otherwise noted, all supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.
This table provides a reference for installing this specific add-on to a distributed deployment of Splunk Enterprise.
|Splunk platform component||Supported||Required||Comments|
|Search Heads||Yes||Yes||This add-on contains search-time knowledge. It is recommended to turn visibility off on your search heads to prevent data duplication errors that can result from running inputs on your search heads instead of (or in addition to) on your data collection node.|
|Heavy Forwarders||Yes||No (but recommended)||It is recommended to install this add-on on a heavy forwarder for data collection.|
|Indexers||Yes||No||Not required as the parsing operations occur on the forwarders.|
|Universal Forwarders||No||No||Universal forwarders are not supported for data collection because the modular inputs require Python and the Splunk REST handler.|
Collecting call record data is a 3-step process:
Microsoft Teams will push call record header data to Splunk via HTTPS.
Note: The Teams Webhook is not available for Splunk Cloud installations. Consider Azure Functions as an alternative.
A subscription instructs Microsoft Teams to start sending call record header data to a specified HTTPS webhook.
The call record input uses the call record header received by the webhook to retrieve a complete call record from the Teams REST API.
Note: Teams Webhook inputs and Teams Call Record inputs should run on the same system. A load balancer may be used to scale out multiple systems.
Reports.Read.All (Delegated and Application)
Splunk uses an Azure Active Directory application registration to access Microsoft Teams data. Access to Microsoft Teams data may be disabled from the Azure portal by modifying the Azure Active Directory application registration permissions or removing the Azure Active Directory application.
Refer to the README.txt file included in this package for details.
Webhook handling improvements
Better handling for Splunk 7.x installations
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.