Install Splunk Connect for Zoom on a distributed Splunk Enterprise deployment
Install Splunk Connect for Zoom on heavy forwarders of a distributed Splunk Enterprise deployment. After you have installed and configured the connector, use the heavy forwarders to send Zoom data to the other tiers of your Splunk platform deployment.
To manage on-premises heavy forwarders to get data into Splunk Cloud, see System Requirements in the Installation Manual in the Splunk Enterprise documentation, which includes information about forwarders.
To get data from your data source into your Splunk Enterprise instance, configure a receiver and a forwarder. The receiver is your Splunk Enterprise instance. You install the forwarder on your data host to send data to the receiver.
Enable a receiver using Splunk Web
- Log into the receiver as an Admin.
- Click Settings, then Forwarding and receiving.
- For Configure receiving, click Add new.
- You can use the
netstat
tool to determine what ports are available on your system. Make sure that Splunk Web or splunkd is not using the port you select. - Specify the TCP port you want to make the receiving port.
- Click Save. The Splunk software begins to receive incoming data on the port you specified.
- Restart the Splunk software.
Install onto your heavy forwarders
- Download Splunk Connect for Zoom from Splunkbase.
- Place the resulting download folder in the
$SPLUNK_HOME/etc/apps
directory on your heavy forwarder. - Extract the Splunk Connect for Zoom.
- Restart the heavy forwarder using the command
splunk restart
.
Configure inputs on a distributed Splunk platform deployment
Configure Splunk Connect for Zoom to receive data from your Zoom deployment.
Configure a Zoom webhook input
Configure a Zoom webhook input to connect your Splunk platform deployment to your Zoom platform deployment.
- In Splunk Web, navigate to Settings, then Data Inputs.
- Navigate to the Zoom input, and click Add New
- Use the following table to fill in the fields. Change fields to fit the parameters of your environment.
Parameter Value Name Zoom Port 4443 Secret Token Webhook secret token on the Add Feature page of your zoom app. SSL Certificate File Path to SSL certificate ( .cer
,.pem
format) given by a trusted CASSL Certificate Key File Path to SSL certificate key ( .cer
,.pem
format) given by a trusted CASet sourcetype Manual Sourcetype zoom:webhook
Host <Leave as is> Index zoom
- Click Next.
- Click Done.
Configure Zoom to send data
Configure your Zoom deployment to collect and send data to your Splunk platform deployment.
Create Zoom Webhook Only App
Create a Zoom Webhook Only App.
- Navigate to marketplace.zoom.us/ and log in to your Zoom account
- Click Develop > Build App
- Follow the steps to create a Webhook Only App
- Fill in the following App Information:
- App Name
- Short Description
- Company Name
- Developer Name
- Developer Email Address
- Note down the Secret Token. The Secret Token is required when configuring Splunk Connect for Zoom on your Splunk instance.
- Click Continue.
- Enable Event Subscriptions.
- Click the Add new event subscription button.
- Enter the following information:
- Subscription Name (For example, Splunk)
- Event notification endpoint URL (For example, https://example.com:4443)
- Click Validate. Make sure to FQDN when validating, which was used while creating the SSL Certificate.
- Click the Add events button.
- Subscribe to any Webhook Events you want. See the Zoom Webhook Reference page for more information.
- Click Save.
- Click Continue.
- Activate the Webhook Only App
Installation and configuration overview for Splunk Connect for Zoom | Install Splunk Connect for Zoom on a single instance Splunk Enterprise deployment |
This documentation applies to the following versions of Splunk® Connect for Zoom: 1.0.0
Feedback submitted, thanks!