Zoom Webhook sending null characters to Splunk

We implemented logging from Zoom to our SPLUNK instance via Zoom Marketplace JWT app. Unfortunately in SPLUNK we are seeing lots of null chars and those are creating an issue during the ingestion of the logs.

It is causing our Splunk indexer to crash and stop injesting logs. We have to restart to get them flowing again.

Please see an example below:

{"event": "meeting.sharing_ended", "payload": {"object": {"uuid": "r0pFZE8wS4+senRhu9f3sA==", "participant": {"id": "", "user_id": "16778240", "user_name": "f3sA==,,16778240\![Screen Shot 2020-08-25 at 10.35.22 AM|690x490](upload://6cIpUt6XxmbwdW2xADarZuOKFUd.png) \u0000\u0000\u0002\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000

<continued with the null characters for 20k or so>

Which App Type (OAuth / Chatbot / JWT / Webhook)?

Which Endpoint/s?

How To Reproduce (If applicable)
Steps to reproduce the behavior:
Enable the Splunk Zoom app and send logs to if via Zoom Webhook

Screenshots (If applicable)
If applicable, add screenshots to help explain your problem.

Additional context
We opened a ticket with zoom support and they told us they can’t help us and to reach out to the developer forum. Full details here with notes INC01298695.

Hey @sbl,

Thanks for reporting this. Our engineering team is looking into the issue and I will get back to you with an update. (ZOOM-191161)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.