Install Splunk Connect for Zoom on a single instance Splunk Enterprise deployment

In a single-instance Splunk Enterprise deployment, your Splunk Enterprise instance serves as a receiver, an indexer, and a search head.

To get data from your data source into your Splunk Enterprise instance, configure a receiver and a forwarder. The receiver is your Splunk Enterprise instance. You install the forwarder on your data host to send data to the receiver.

Enable a receiver using Splunk Web

1. Log into the receiver as an Admin.
2. Click Settings, then Forwarding and receiving.
3. For Configure receiving, click Add new.
4. You can use the netstat tool to determine what ports are available on your system. Make sure that Splunk Web or splunkd is not using the port you select.
5. Specify the TCP port you want to make the receiving port.
6. Click Save. The Splunk software begins to receive incoming data on the port you specified.
7. Restart the Splunk software.

Install on a single instance Splunk platform deployment

1. Download Splunk Connect for Zoom from Splunkbase.
2. Place the resulting download folder in the $SPLUNK_HOME/etc/apps directory on your heavy forwarder.
3. Extract the Splunk Connect for Zoom.
4. Restart the heavy forwarder using the command splunk restart.

Configure inputs on a single instance Splunk platform deployment

Configure Splunk Connect for Zoom to receive data from your Zoom deployment.

Configure a Zoom webhook input

Configure a Zoom webhook input to connect your Splunk platform deployment to your Zoom platform deployment.

1. In Splunk Web, navigate to Settings, then Data Inputs.
2. Navigate to the Zoom input, and click Add New
3. Use the following table to fill in the fields. Change fields to fit the parameters of your environment.

   Parameter	Value
   Name	Zoom
   Port	4443
   Secret Token	Webhook secret token on the Add Feature page of your zoom app.
   SSL Certificate File	Path to SSL certificate (.cer, .pem format) given by a trusted CA
   SSL Certificate Key File	Path to SSL certificate key (.cer, .pem format) given by a trusted CA
   Set sourcetype	Manual
   Sourcetype	zoom:webhook
   Host	<Leave as is>
   Index	zoom

4. Click Next.
5. Click Done.

Configure Zoom to send data

Configure your Zoom deployment to collect and send data to your Splunk platform deployment.

Create Zoom Webhook Only App

Create a Zoom Webhook Only App.

1. Navigate to marketplace.zoom.us/ and log in to your Zoom account
2. Click Develop > Build App
3. Follow the steps to create a Webhook Only App
4. Fill in the following App Information:
   • App Name
   • Short Description
   • Company Name
   • Developer Name
   • Developer Email Address
5. Note down the Secret Token. The Secret Token is required when configuring Splunk Connect for Zoom on your Splunk instance.
6. Click Continue.
7. Enable Event Subscriptions.
8. Click the Add new event subscription button.
9. Enter the following information:
   • Subscription Name (For example, Splunk)
   • Event notification endpoint URL (For example, https://example.com:4443)
10. Click Validate. Make sure to FQDN when validating, which was used while creating the SSL Certificate.
11. Click the Add events button.
12. Subscribe to any Webhook Events you want. See the Zoom Webhook Reference page for more information.
13. Click Save.
14. Click Continue.
15. Activate the Webhook Only App