Splunk Integration - Connection Reporting - TeamViewer Support
<main>
<article class="userContent">
<p><br></p><h2 data-id="general">General</h2><div class="blockquote"><div class="blockquote-content"><p class="blockquote-line"><em>This article applies to Splunk Enterprise customers.</em></p></div></div><p><br></p><h3></h3><h2 data-id="prerequisites">Prerequisites</h2><p>Download/Install/Configure Splunk Enterprise</p><p><a href="https://www.splunk.com/en_us/download/splunk-enterprise.html" rel="nofollow noreferrer ugc">https://www.splunk.com/en_us/download/splunk-enterprise.html</a></p><p>Download/Install/Configure Splunk REST API Modular Input v1.4</p><p>This is a Splunk Modular Input for polling REST APIs and indexing the responses.</p><p><a href="https://splunkbase.splunk.com/app/1546/#/details" rel="nofollow noreferrer ugc">https://splunkbase.splunk.com/app/1546/#/details</a></p><h3 data-id="dependencies">Dependencies</h3><p>Splunk 5.0+</p><p>Supported on Windows, Linux, MacOS, Solaris, FreeBSD, HP-UX, AIX</p><h3 data-id="setup">Setup</h3><ul><li>Untar the release to your $SPLUNK_HOME/etc/apps directory <em>(recommend using 7zip for Windows users)</em></li><li>Restart Splunk</li><li>Browse to Manager -> Data Inputs -> REST and setup your inputs</li></ul><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/IZJAE5FL1D39/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/IZJAE5FL1D39/image.png" alt="image.png" height="543" width="998" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p><br></p><h2 data-id="logging">Logging</h2><p>Any modular input log errors will get written to $SPLUNK_HOME/var/log/splunk/splunkd.log</p><h2 data-id="troubleshooting">Troubleshooting</h2><p>You are using Splunk 5+?</p><p>Look for any errors in $SPLUNK_HOME/var/log/splunk/splunkd.log?</p><p>Any firewalls blocking outgoing HTTP calls?</p><p>Are your REST URL, headers, url arguments correct?</p><p>Is your authentication setup correctly?</p><h2 data-id="making-http-request">Making HTTP request</h2><p><strong>1. </strong>Create app token for calling TeamViewer API</p><ul><li>Log into MCO>Administer “Company Profile”>Apps>Create script token<ul><li>Name: Splunk integration (your preference)</li><li>Description: Optional</li><li>Connection reporting: View connection entries</li></ul></li></ul><p><strong>2. </strong>Please review TeamViewer’s API documentation page for further requests: <a href="https://integrate.teamviewer.com/en/develop/api/documentation/" rel="nofollow noreferrer ugc">https://integrate.teamviewer.com/en/develop/api/documentation/</a></p><ul><li>Log into the The Splunk web interface: <a href="http://HOSTNAME:8000" rel="nofollow noreferrer ugc">http://HOSTNAME:8000</a></li><li>Enter the appropriate fields:<ul><li>Endpoint URL: <a href="https://webapi.teamviewer.com/api/v1/reports/connections" rel="nofollow noreferrer ugc">https://webapi.teamviewer.com/api/v1/reports/connections</a></li><li>HTTP Method: GET</li><li>HTTP Header Properties: authorization=Bearer XXXXXX-XXXXXXXXXXXXXXXXX <- your token</li><li>Response Type: json</li><li>Polling interval: (optional as Splunk polls every 60 seconds)</li><li>Set sourcetype: Manual</li><li>Source type: _json</li><li>Save</li></ul></li></ul><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/RDGWYZ6YFZKE/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/RDGWYZ6YFZKE/image.png" alt="image.png" height="734" width="726" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p><br></p><p><strong>3. </strong>Reviewing the results</p><ul><li>In top left corner choose Apps>Search & Reporting>Data Summary>Sources (middle tab)>rest(“Name of report”)</li><li>Recommendation is to change from “Raw” view to “Table” view for meaning results</li></ul><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/GQYHUOFGPZG2/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/GQYHUOFGPZG2/image.png" alt="image.png" height="500" width="999" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p>Following feedback from some of our great users, we would like to share that since Splunk may truncate the connection report JSON, it is advisable to limit the connection report to a specific time period.</p><p>The timestamp format is YYY-MM-DDTHH:MM:SSZ . An example connection report request URL with time constraints would be <a href="https://webapi.teamviewer.com/api/v1/reports/connections?from_date=2019-01-31T19:20:30Z&to_date=2019-02-02T19:45:01Z" rel="nofollow noreferrer ugc">https://webapi.teamviewer.com/api/v1/reports/connections?from_date=2019-01-31T19:20:30Z&to_date=2019-02-02T19:45:01Z</a></p><p>More information about the TeamViewer Reporting API parameters can be found at <a href="https://www.teamviewer.com/en/integrations/reporting/" rel="nofollow noreferrer ugc">https://www.teamviewer.com/en/integrations/reporting/</a> .</p>
</article>
</main>