Splunk® Connect for Zoom

Install and Administer Splunk Connect for Zoom

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of Splunk® Connect for Zoom. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Install Splunk Connect for Zoom on a distributed Splunk Enterprise deployment

Zoom released Webhook validation for all new webhooks that were created after Oct 23, 2022. All webhooks created prior to this date do not require validation unless you modify them. Webhook validation is required for all new and existing webhooks as of October 2023.

Install Splunk Connect for Zoom on heavy forwarders of a distributed Splunk Enterprise deployment. After you have installed and configured the connector, use the heavy forwarders to send Zoom data to the other tiers of your Splunk platform deployment.

To manage on-premises heavy forwarders to get data into Splunk Cloud, see System Requirements in the Installation Manual in the Splunk Enterprise documentation, which includes information about forwarders.

To get data from your data source into your Splunk Enterprise instance, configure a receiver and a forwarder. The receiver is your Splunk Enterprise instance. You install the forwarder on your data host to send data to the receiver.

Enable a receiver using Splunk Web

  1. Log into the receiver as an Admin.
  2. Click Settings, then Forwarding and receiving.
  3. For Configure receiving, click Add new.
  4. You can use the netstat tool to determine what ports are available on your system. Make sure that Splunk Web or splunkd is not using the port you select.
  5. Specify the TCP port you want to make the receiving port.
  6. Click Save. The Splunk software begins to receive incoming data on the port you specified.
  7. Restart the Splunk software.

Install onto your heavy forwarders

  1. Download Splunk Connect for Zoom from Splunkbase.
  2. Place the resulting download folder in the $SPLUNK_HOME/etc/apps directory on your heavy forwarder.
  3. Extract the Splunk Connect for Zoom.
  4. Restart the heavy forwarder using the command splunk restart.

Configure inputs on a distributed Splunk platform deployment

Configure Splunk Connect for Zoom to receive data from your Zoom deployment.

Configure a Zoom webhook input

Configure a Zoom webhook input to connect your Splunk platform deployment to your Zoom platform deployment.

  1. In Splunk Web, navigate to Settings, then Data Inputs.
  2. Navigate to the Zoom input, and click Add New
  3. Use the following table to fill in the fields. Change fields to fit the parameters of your environment.
    Parameter Value
    Name Zoom
    Port 4443
    Secret Token Webhook secret token on the Add Feature page of your zoom app.
    SSL Certificate File Path to SSL certificate (.cer, .pem format) given by a trusted CA
    SSL Certificate Key File Path to SSL certificate key (.cer, .pem format) given by a trusted CA
    Set sourcetype Manual
    Sourcetype zoom:webhook
    Host <Leave as is>
    Index zoom
  4. Click Next.
  5. Click Done.

Configure Zoom to send data

Configure your Zoom deployment to collect and send data to your Splunk platform deployment.

Create Zoom Webhook Only App

Create a Zoom Webhook Only App.

  1. Navigate to marketplace.zoom.us/ and log in to your Zoom account
  2. Click Develop > Build App
  3. Follow the steps to create a Webhook Only App
  4. Fill in the following App Information:
    • App Name
    • Short Description
    • Company Name
    • Developer Name
    • Developer Email Address
  5. Note down the Secret Token. The Secret Token is required when configuring Splunk Connect for Zoom on your Splunk instance.
  6. Click Continue.
  7. Enable Event Subscriptions.
  8. Click the Add new event subscription button.
  9. Enter the following information:
  10. Click Validate. Make sure to FQDN when validating, which was used while creating the SSL Certificate.
  11. Click the Add events button.
  12. Subscribe to any Webhook Events you want. See the Zoom Webhook Reference page for more information.
  13. Click Save.
  14. Click Continue.
  15. Activate the Webhook Only App
Last modified on 09 June, 2023
Installation and configuration overview for Splunk Connect for Zoom
Install Splunk Connect for Zoom on a single instance Splunk Enterprise deployment

This documentation applies to the following versions of Splunk® Connect for Zoom: 1.0.1

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters