Splunk® Connect for Zoom

Install and Administer Splunk Connect for Zoom

This documentation does not apply to the most recent version of Splunk® Connect for Zoom. For documentation on the most recent version, go to the latest release.

Install Splunk Connect for Zoom on a single instance Splunk Enterprise deployment

In a single-instance Splunk Enterprise deployment, your Splunk Enterprise instance serves as a receiver, an indexer, and a search head.

To get data from your data source into your Splunk Enterprise instance, configure a receiver and a forwarder. The receiver is your Splunk Enterprise instance. You install the forwarder on your data host to send data to the receiver.

Enable a receiver using Splunk Web

  1. Log into the receiver as an Admin.
  2. Click Settings, then Forwarding and receiving.
  3. For Configure receiving, click Add new.
  4. You can use the netstat tool to determine what ports are available on your system. Make sure that Splunk Web or splunkd is not using the port you select.
  5. Specify the TCP port you want to make the receiving port.
  6. Click Save. The Splunk software begins to receive incoming data on the port you specified.
  7. Restart the Splunk software.


Install on a single instance Splunk platform deployment

  1. Download Splunk Connect for Zoom from Splunkbase.
  2. Place the resulting download folder in the $SPLUNK_HOME/etc/apps directory on your heavy forwarder.
  3. Extract the Splunk Connect for Zoom package.
  4. Restart the heavy forwarder using the command splunk restart.

Configure inputs on a single instance Splunk platform deployment

Configure Splunk Connect for Zoom to receive data from your Zoom deployment.

Configure a Zoom webhook input

Configure a Zoom webhook input to connect your Splunk platform deployment to your Zoom platform deployment.

  1. In Splunk Web, navigate to Settings, then Data Inputs.
  2. Navigate to the Zoom input, and click Add New.
  3. Use the following table to fill in the fields. Change fields to fit the parameters of your environment.

    Parameter                   Value
    Name                        Zoom
    Port                        4443
    Secret Token                Webhook secret token on the Add Feature page of your Zoom app.
    SSL Certificate File        Path to SSL certificate (.cer, .pem format) given by a trusted CA
    SSL Certificate Key File    Path to SSL certificate key (.cer, .pem format) given by a trusted CA
    Set sourcetype              Manual
    Sourcetype                  zoom:webhook
    Host                        <Leave as is>
    Index                       zoom

  4. Click Next.
  5. Click Done.


Configure Zoom to send data

Configure your Zoom deployment to collect and send data to your Splunk platform deployment.


Create Zoom Webhook Only App

Create a Zoom Webhook Only App.

  1. Navigate to marketplace.zoom.us/ and log in to your Zoom account.
  2. Click Develop > Build App.
  3. Follow the steps to create a Webhook Only App.
  4. Fill in the following App Information:
    • App Name
    • Short Description
    • Company Name
    • Developer Name
    • Developer Email Address
  5. Note down the Secret Token. The Secret Token is required when configuring Splunk Connect for Zoom on your Splunk instance.
  6. Click Continue.
  7. Enable Event Subscriptions.
  8. Click the Add new event subscription button.
  9. Enter the following information:
  10. Click Validate. When validating, make sure to use the FQDN that was used when creating the SSL certificate.
  11. Click the Add events button.
  12. Subscribe to any Webhook Events you want. See the Zoom Webhook Reference page for more information.
  13. Click Save.
  14. Click Continue.
  15. Activate the Webhook Only App.
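
The Secret Token entered in the Zoom input and noted from the Webhook Only App is the shared key a receiver uses to authenticate Zoom deliveries. The following is an added example, not code from Splunk Connect for Zoom: it assumes Zoom's documented webhook scheme (HMAC-SHA256 over "v0:<timestamp>:<body>", sent in the x-zm-signature header, plus the endpoint.url_validation challenge behind the Validate button). The function names, sample token, and 300-second replay window are assumptions made for this example.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumption: replay window chosen for this example


def zoom_signature(secret_token, timestamp, body):
    """Build the x-zm-signature value for a raw request body (bytes)."""
    message = b"v0:" + timestamp.encode() + b":" + body
    digest = hmac.new(secret_token.encode(), message, hashlib.sha256).hexdigest()
    return "v0=" + digest


def verify_webhook(secret_token, headers, body, now=None):
    """Return True only for a fresh request signed with the Secret Token.

    headers is a dict with lower-cased header names (assumption).
    """
    timestamp = headers.get("x-zm-request-timestamp", "")
    received = headers.get("x-zm-signature", "")
    if not timestamp.isdigit() or not received:
        return False
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return False  # stale or replayed delivery
    expected = zoom_signature(secret_token, timestamp, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


def url_validation_response(secret_token, body):
    """Build the reply to the endpoint.url_validation challenge."""
    plain = json.loads(body)["payload"]["plainToken"]
    encrypted = hmac.new(secret_token.encode(), plain.encode(),
                         hashlib.sha256).hexdigest()
    return {"plainToken": plain, "encryptedToken": encrypted}


if __name__ == "__main__":
    secret = "constructed-secret-token"  # constructed value, not a real token
    body = b'{"event":"meeting.started","payload":{"object":{"id":"123"}}}'
    ts = str(int(time.time()))
    headers = {"x-zm-request-timestamp": ts,
               "x-zm-signature": zoom_signature(secret, ts, body)}
    print("genuine :", verify_webhook(secret, headers, body))
    print("tampered:", verify_webhook(secret, headers, body + b" "))
```
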
Last modified on 09 June, 2023

This documentation applies to the following versions of Splunk® Connect for Zoom: 1.0.1

