Getting Data In

Are there any apps or add-ons to integrate Microsoft Teams with Splunk Enterprise?

anandhalagarasa
Path Finder

Hi Team,

Is there any app or add-on to integrate Microsoft Teams with Splunk? Once an alert is triggered on the Splunk end, it should immediately reach the particular channel or team in Microsoft Teams.

So if there is a way then kindly let me know.

0 Karma
1 Solution

treinke
Builder

There is the app to help you connect to MS Teams: https://splunkbase.splunk.com/app/3375/.

Right-click on the channel you want the alert to go to and select Connectors. On the right, choose Configure on "Incoming Webhook". Give the incoming webhook a name. I tend to use the alert name as the webhook name. Upload a custom image if you want. Then click Create. That will generate the URL you need to enter into the Splunk app.

When you set up the alert in Splunk, make sure the "Microsoft Teams Webhook Alert Connector" app is installed, use the Microsoft Teams action and paste in the webhook URL.

*Note - You need to format the alert into tables for best results.

There are no answers without questions

mrccasi
Explorer

Hi @treinke -

I am having an issue with sending the alert to the MS Teams channel. When the owner of the alert is admin, the alert is sending perfectly fine on the channel. But when the owner of the alert is just a power user, the alert is now sending on the MS Teams channel. Can you please advise what the issue is? Is this about the access? Thank you in advance.

0 Karma

anandhalagarasa
Path Finder

@anthony reinke, thanks, it works as expected.

0 Karma

nickhills
Ultra Champion

Have a look at this:
https://splunkbase.splunk.com/app/3375/

I have not used this as we wrote our own integration, but it's a reasonably straightforward webhook.
Grab the hook URL from your Teams client, and provide that to the alert.

If my comment helps, please give it a thumbs up!
0 Karma
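For readers who want to see what the webhook approach in the answers above involves, here is an added example (not code from this thread or from the Splunkbase app) that turns one alert result into a table-style Teams MessageCard and treats the webhook URL as the secret it is. Assumptions: the payload keys `search_name`, `result` and `results_link` follow what Splunk passes to a custom alert action on stdin, the host allowlist is illustrative, and all sample values are constructed.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Assumption: hosts your tenant's Teams incoming webhooks live on; adjust to match.
ALLOWED_HOSTS = ("webhook.office.com", "outlook.office.com")

def check_webhook_url(url):
    """Accept only HTTPS URLs on an expected Teams webhook host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_allowed_host = any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)
    if parts.scheme != "https" or not on_allowed_host:
        raise ValueError("not a Teams webhook URL: host %r" % host)
    return url

def redact(url):
    """Anyone holding the URL can post to the channel, so log only scheme and host."""
    parts = urlsplit(url)
    return "%s://%s/<redacted>" % (parts.scheme, parts.hostname)

def build_card(search_name, result, results_link):
    """Render one result row as a name/value table (MessageCard 'facts')."""
    facts = [{"name": k, "value": str(v)} for k, v in result.items()]
    return {
        "@type": "MessageCard",
        "@context": "https://schema.org/extensions",
        "summary": search_name,
        "title": "Splunk alert: " + search_name,
        "sections": [{"facts": facts}],
        "potentialAction": [{"@type": "OpenUri", "name": "View results",
                             "targets": [{"os": "default", "uri": results_link}]}],
    }

def send(url, card, timeout=10):
    """POST the card; the URL is validated before any data leaves the host."""
    req = urllib.request.Request(check_webhook_url(url),
                                 data=json.dumps(card).encode("utf-8"),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status

# Constructed sample of an alert payload and a webhook URL (not real values).
SAMPLE_PAYLOAD = {
    "search_name": "Failed logins spike",
    "results_link": "https://splunk.example.com/app/search/@go?sid=constructed",
    "result": {"host": "web01", "count": "42"},
}
SAMPLE_URL = "https://contoso.webhook.office.com/webhookb2/constructed-token"
```

Store the webhook URL with the same care as a password: it carries no other authentication, so keep it out of saved-search descriptions, dashboards and logs.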