Send alert notifications to Microsoft Teams using Splunk Observability Cloud 🔗
You can configure Splunk Observability Cloud to automatically send alert notifications to a Microsoft Teams channel when a detector alert condition is met and when the alert clears.
To send Splunk Observability Cloud alert notifications to Microsoft Teams, complete the following configuration tasks:
Step 1: Get the webhook URL for the Microsoft Team channel. You must be an owner or administrator of the Microsoft Team to complete this task.
Step 2: Create a Microsoft Teams integration in Splunk Observability Cloud. You must be a Splunk Observability Cloud administrator to complete this task.
Existing Office 365 integrations appear in Splunk Observability Cloud within the Microsoft Teams tile.
Step 1: Get the webhook URL for the Microsoft Team channel 🔗
You must be an owner or administrator of the Microsoft Team to complete this task.
To get the webhook POST URL for the Microsoft Team channel:
Log in to Microsoft Teams and navigate to the list of teams.
Select the team that contains the channel you want to send alert notifications to. Expand the list of channels.
Find and hover over the channel you want to send alert notifications to. Select More options (…) and then select Workflows.
Find and select the Post to a channel when a webhook request is received template.
Enter a descriptive name for the workflow.
Select Next.
Add a team and channel for your workflow.
Select Add workflow. Microsoft Teams generates a URL to make a POST request to.
Select the Copy to Clipboard icon to copy the webhook URL for use in Step 2: Create a Microsoft Teams integration in Splunk Observability Cloud.
Select Done.
Step 2: Create a Microsoft Teams integration in Splunk Observability Cloud 🔗
You must be a Splunk Observability Cloud administrator to complete this task.
To create a Microsoft Teams integration in Splunk Observability Cloud:
Log in to Splunk Observability Cloud.
Open the Microsoft Teams guided setup . Optionally, you can navigate to the guided setup on your own:
In the left navigation menu, select .
Go to the Available integrations tab, or select Add Integration in the Deployed integrations tab.
In the integration filter menu, select All.
In the Search field, search for Microsoft Teams, and select it.
Select New Integration to display the configuration options.
By default, the name of the integration is Microsoft Teams. Give your integration a unique and descriptive name. For information about the downstream use of this name, see About naming your integrations.
In the Webhook URL field, paste the webhook URL you copied in Step 1: Get the webhook URL for the Microsoft Team channel. The webhook POST URL looks similar to this:
https://<region>.logic.azure.com:<port>/workflows/<workflowId>/triggers/manual/paths/invoke?<apiVersion>&<signature>.Save.
If Splunk Observability Cloud can validate the Microsoft Teams webhook URL, a Validated! success message displays. If an error displays instead, make sure that the webhook URL value you entered matches the value displayed in Microsoft Teams in Step 1: Get the webhook URL for the Microsoft Team channel.
Step 3: Add a Microsoft Teams integration as a detector alert recipient in Splunk Observability Cloud 🔗
To add a Microsoft Teams integration as a detector alert recipient in Splunk Observability Cloud:
Create or edit a detector that you want to configure to send alert notifications using your Microsoft Teams integration.
For more information about working with detectors, see Create detectors to trigger alerts and Subscribe to alerts using the Detector menu.
In the Alert recipients step, select Add Recipient.
Select Microsoft Teams and then select the name of the Microsoft Teams integration you want to use to sends alert notifications. This is the integration name you created in Step 2: Create a Microsoft Teams integration in Splunk Observability Cloud.
Activate and save the detector.
Splunk Observability Cloud sends an alert notification to the Microsoft Teams channel when the detector triggers an alert and when the alert clears.
Update existing Microsoft Teams integration configurations for Office 365 connectors retirement 🔗
Caution
After December 31, 2024, Office 365 connectors in Microsoft Teams will be retired.
To continue using the Microsoft Teams integration in Splunk Observability Cloud without any interruption, follow these steps:
Transition from Office 365 connectors to Workflows:
Log in to Microsoft Teams and navigate to the list of teams.
Select the team that contains the channel you want to send alert notifications to. Expand the list of channels.
Find and hover over the channel you want to send alert notifications to. Select More options (…) and then select Workflows.
Find and select the Post to a channel when a webhook request is received template.
Enter a descriptive name for the workflow.
Add a team and channel for your workflow.
Select Add workflow. Microsoft Teams generates a URL to make a POST request to.
Select the Copy to Clipboard icon to copy the webhook POST URL.
Select Done.
Edit existing Microsoft Teams integration configurations in Splunk Observability Cloud:
From the Splunk Observability Cloud home page, go to the Data Management page.
Find the Microsoft Teams connection you want to edit.
In the Webhook URL field, replace the existing URL with the webhook POST URL you copied from the Microsoft Teams Workflows app.
Select Save.