Skip to main content
Lantern Home

 

Splunk Lantern

Analyzing Microsoft Teams data with Kollective Technology and Splunk

  1. Last updated
  2. Save as PDF

Kollective Technology provides enterprise collaboration observability focused on performance and usage of Microsoft Teams. Organizations that rely on Teams for meetings, calling, and large-scale communications generate significant volumes of collaboration telemetry, including call quality metrics, meeting metadata, and participant experience data. Kollective collects this data and makes it available for ingestion into the Splunk platform, where it can be analyzed alongside existing infrastructure, network, and service data.

Before configuring partner-specific data ingestion, review Splunk Help for general data ingestion and data management in Splunk Enterprise or Splunk Cloud Platform.

Prerequisites

  • Microsoft 365 tenant with Microsoft Teams enabled
  • Microsoft Graph API permissions granted to Kollective
  • Splunk Enterprise or Splunk Cloud Platform
  • Splunk HTTP Event Collector enabled and accessible
  • Microsoft Teams Collaboration Observability App

Data required

Kollective retrieves collaboration telemetry directly from Microsoft Teams services through Microsoft Graph API endpoints. The data collected includes:

  • Meeting and call metadata
  • Audio, video, and screen sharing quality metrics
  • Participant and endpoint information
  • Location and network context

Telemetry is processed by the Kollective collaboration observability platform and streamed securely to customer-managed Splunk environments.

How to use Splunk software for this use case

Data flow

Microsoft Teams → Microsoft Graph API → Kollective Collaboration Observability Platform → Splunk HTTP Event Collector → Customer Splunk Instance 

Getting data in

Kollective collects Microsoft Teams collaboration telemetry using the Microsoft Graph API, aggregates it by location in one-hour intervals, and forwards this data to the Splunk platform using the HTTP Event Collector (HEC). Data collection is agentless and authenticated through Microsoft 365 administrative permissions. After it is ingested, Teams observability data is indexed in the Splunk platform and available for search, correlation, and visualization. The following video walks through the complete process.

Splunk platform integration

Kollective-provided dashboards and searches support monitoring of Teams call quality, participant experience, and location-based performance trends. The following video demos these dashboards.

Kollective forwards Teams observability data to Splunk using HTTPS-based HEC ingestion. Customers configure a dedicated Splunk index and HEC token to receive the data. After it is ingested, the data can be used to:

  • Monitor collaboration quality trends over time
  • Correlate Teams performance with network or location data
  • Identify network segments or sites contributing to degraded collaboration experiences
  • Support operational investigations related to collaboration services
  • Supporting IT and network operations teams responsible for collaboration platforms and digital workplace services

There are no pre-configured Splunk data inputs outside of HTTP Event Collector. All ingestion configuration is managed by the Splunk administrator.

Kollective manages data collection and forwarding from Microsoft Teams. Customers are responsible for Splunk index configuration, access controls, and data retention policies.

Additional resources

Kollective has more than two decades of experience supporting large, globally distributed organizations, and helps IT and network operations teams understand how collaboration workloads perform across networks, locations, and endpoints. To learn more about how Kollective can help your organization, visit their website.  

The user- and community-generated information, content, data, text, graphics, images, videos, documents and other materials made available on Splunk Lantern is Community Content as provided in the terms and conditions of the Splunk Website Terms of Use, and it should not be implied that Splunk warrants, recommends, endorses or approves of any of the Community Content, nor is Splunk responsible for the availability or accuracy of such. Splunk specifically disclaims any liability and any actions resulting from your use of any information provided on Splunk Lantern.