Update docs

.github/workflows/docs.yml

@@ -0,0 +1,24 @@
+name: docs
+
+on:
+  push:
+    branches:
+      - update-docs
+    paths:
+      - docs/**
+      - mkdocs.yml
+      - .github/workflows/docs.yml
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pages: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.12
+      - run: pip install mkdocs==1.6.0 mkdocs-material==9.5.32 mkdocs-print-site-plugin==2.6.0
+      - run: mkdocs gh-deploy --force

README.md

@@ -5,6 +5,7 @@
 [![Latest release (latest by date)](https://img.shields.io/github/v/release/splunk/ta_cisco_webex_add_on_for_splunk?label=Latest%20Release)](https://github.com/splunk/genesys_cloud_ta/releases)
 [![License](https://img.shields.io/badge/License-Apache_2.0-yellow.svg)](https://opensource.org/licenses/Apache-2.0)
 
+Find more details in our [Github Page](https://splunk.github.io/ta_cisco_webex_add_on_for_splunk/) and [README](https://github.com/splunk/ta_cisco_webex_add_on_for_splunk/blob/main/package/README.md#here-are-the-endpoints-their-corresponding-source-types-and-the-required-scopes)
 > **Cisco Webex Add-on for Splunk** is an Add-on to pull in data from _[Webex REST API](https://developer.webex.com/docs/basics)_ to Splunk.
 
 Here are the endpoints and their mapping soucetypes.
@@ -20,7 +21,7 @@ Here are the endpoints and their mapping soucetypes.
 
 ## Versions Supported
 
-  - Tested for installation and basic ingestion on Splunk 9.X and 8.2 for **CentOS** system.
+  - Tested for installation and basic ingestion on Splunk 10.x, 9.X and 8.2.
 
 > Built by Splunk's FDSE Team (#team-fdse).
 
@@ -32,4 +33,4 @@ Here are the endpoints and their mapping soucetypes.
 * Isaac Fonseca Monge
 * Marie Duran
 * Ashley Hoang
-* Isaac Fonseca
+* Erica Pescio

docs/ConfigureAccount/index.md

@@ -0,0 +1,35 @@
+# Prerequisites
+
+
+#### Create the Webex OAuth Integration in Webex
+
+The Cisco Webex Add-on for Splunk supports OAuth2 Authentication, which allows third-party integrations to get a temporary access token for authenticating API calls. Therefore, creating an **Admin-level Webex integration** is required to work along with this Add-on.
+Please follow the following steps to create a dedicated Webex integration for this Add-on. Further documentation can be found [here](https://developer.webex.com/docs/integrations).
+
+1. **Registering your Integration**:
+    - Visit the [Webex for Developers](https://developer.webex.com/) and then log in using your **Webex Admin Account**
+    - Select `My Webex Apps` from the menu under your avatar at the top of this page
+    - Click `Create a New App` then `Create an Integration` to start the wizard
+2. **Provide app related information**:
+    - **Integration name**: Enter a name for yor integration. `e.g. Webex Integration for Splunk`
+    - **Icon**: Upload your own or select from the defaults
+    - **Description**: Provide some details about your integration
+    - **Redirect URI(s)**: Follow the following steps to retrieve your Redirect URI:
+        - Open **Cisco Webex Add-on for Splunk** in Splunk. Go to `Configuration > Account > Add`. The Redirect URI will show up in the `Redirect url` field. Please copy and paste it to the `Redirect URI(s)` field in the Webex Integration.
+        - **For Splunk Heavy Forwarders (or IDM)**: please replace the `{domain}` with the domain of your Splunk Heavy Forwarder (or IDM). For example, if the domain of your HF or IDM is `example.splunk.link`, then the Redirect URI you have to enter is:  `https://example.splunk.link/en-US/app/ta_cisco_webex_add_on_for_splunk/ta_cisco_webex_add_on_for_splunk_redirect`. Ensure not to submit the form yet.
+
+    - **Scopes**: Please select only the scopes you need referring to the table below
+
+    #### Here are the endpoints, their corresponding source types, and the required scopes.
+| Splunk Input       | Webex Endpoint        | Splunk Sourcetype               | Required Scopes                 |
+|--------------------|-----------------------|---------------------------------|---------------------------------|
+| Webex Scheduled Meetings       | [Meetings](https://developer.webex.com/docs/api/v1/meetings/list-meetings)                       | cisco:webex:meetings         | meeting:admin_schedule_read spark-admin:people_read   |
+| Webex Meetings Summary Report       | [Meeting Usage Reports](https://developer.webex.com/docs/api/v1/meetings-summary-report/list-meeting-usage-reports)                       | cisco:webex:meeting:usage:reports         | meeting:admin_schedule_read meeting:admin_participants_read meeting:admin_config_read   |
+| Webex Meetings Summary Report       | [Meeting Attendee Reports](https://developer.webex.com/docs/api/v1/meetings-summary-report/list-meeting-attendee-reports)                       | cisco:webex:meeting:attendee:reports             | meeting:admin_schedule_read meeting:admin_participants_read meeting:admin_config_read  |
+| Webex Admin Audit Events       | [Admin Audit Events](https://developer.webex.com/docs/api/v1/admin-audit-events)                               | cisco:webex:admin:audit:events              | audit:events_read spark:organizations_read  |
+| Webex Meeting Qualities       | [Meeting Qualities](https://developer.webex.com/docs/api/v1/meeting-qualities/get-meeting-qualities)                               | cisco:webex:meeting:qualities              | analytics:read_all   |
+| Webex Detailed Call History       | [Detailed Call History](https://developer.webex.com/docs/api/v1/reports-detailed-call-history/get-detailed-call-history)                               | cisco:webex:call:detailed_history             | spark-admin:calling_cdr_read |
+| Webex Security Audit Events       | [Security Audit Events](https://developer.webex.com/admin/docs/api/v1/security-audit-events/list-security-audit-events)                               | cisco:webex:security:audit:events            | audit:events_read spark:organizations_read |
+
+3. Click **Add Integration** on the bottom of the page, your `Client ID` and `Client Secret` are ready to use.
+

docs/ConfigureAdminAuditEventInput/index.md

@@ -0,0 +1,27 @@
+# Webex Admin Audit Events Input 
+
+The **Webex Admin Audit Events** input is used to fetch the data from [Admin Audit Events](https://developer.webex.com/docs/api/v1/admin-audit-events) endpoint. It allows users to retrieve organization-wide audit logs all over the account.
+
+**Please Note**: Due to the API behavior, the selected time range cannot be more than a year. Therefore, If you want to obtain the audit logs that happened more than one year ago, you **MUST** fill in both `Start Time` and `End Time`, and ensure that the range does not exceed one year.
+
+The input uses checkpointing to avoid ingesting duplicate data. After the initial run, the script will save the latest audit event created time as the checkpoint, and will be used as the `Start Time` (advancing by one millisecond) for the next run.
+
+
+## Configure Webex Admin Audit Events input through Splunk Web 
+
+1. In the **Inputs** tab select **Create New Input**.
+2. Choose **Webex Admin Audit Events**.
+3. Enter the information in the related fields using the following input parameters table.
+
+## Input Parameters 
+
+Each attribute in the following table corresponds to a field in Splunk Web.
+
+|Input name               |Corresponding field in Splunk Web | Description|
+|-------------------------|----------------------------------|------------|
+|`name`                   |Name                              |A unique name for your input.|
+|`interval`               |Interval                          |Time interval of input in seconds.|
+|`index`                  |Index                             |The index in which the data should be stored. The default is <code>default</code>.|
+|`account`                |Global Account                    |The Webex account created in the Configuration tab.|
+|`start_time`             |Start Time                        |Required, Start date and time (inclusive) in the format YYYY-MM-DDTHH:MM:SSZ, `example:2023-01-01T00:00:00Z`. If you leave the `End Time` blank, Start Time **MUST** be within one year from the current time.|
+|`end_time`               |End Time                          |Optional, End date and time in the format YYYY-Mon-DDTHH:MM:SSZ.(Optional), `example:2023-02-01T00:00:00Z`. End Time must be after the Start Time.|

docs/ConfigureDetailedCallHistoryInput/index.md

@@ -0,0 +1,25 @@
+# Webex Detailed Call History 
+
+The **Webex Detailed Call History** input is used to fetch the data from [Webex Detailed Call History](https://developer.webex.com/docs/api/v1/reports-detailed-call-history/get-detailed-call-history) endpoint. It allows users to retrieve detailed data from calls. Only organization administrators can retrieve the data and it requires the administrator role "Webex Calling Detailed Call History API access" to be enabled.
+
+The input uses checkpointing to avoid ingesting duplicate data. After the initial run, the script will save the latest call start time as the checkpoint, and will be used as the `Start Time` (advancing by one millisecond) for the next run.
+
+## Configure Webex Detailed Call History input through Splunk Web 
+
+1. In the **Inputs** tab select **Create New Input**.
+2. Choose **Webex Detailed Call History**.
+3. Enter the information in the related fields using the following input parameters table.
+
+## Input Parameters 
+
+Each attribute in the following table corresponds to a field in Splunk Web.
+
+|Input name               |Corresponding field in Splunk Web | Description|
+|-------------------------|----------------------------------|------------|
+|`name`                   |Name                              |A unique name for your input.|
+|`interval`               |Interval                          |Time interval of input in seconds.|
+|`index`                  |Index                             |The index in which the data should be stored. The default is <code>default</code>.|
+|`account`                |Global Account                    |The Webex account created in the Configuration tab.|
+|`start_time`             |Start Time                        |Required, Start date and time (inclusive) in the format YYYY-MM-DDTHH:MM:SSZ, `example:2023-01-01T00:00:00Z`. The Start Time **MUST** must be between 5 minutes ago and 48 hours ago.|
+|`end_time`               |End Time                          |Optional, End date and time in the format YYYY-MM-DDTHH:MM:SSZ, `example:2023-02-01T00:00:00Z`. Leave it blank if an ongoing ingestion mode is needed. The End Time **MUST** be later than the Start Time but no later than 48 hours.|
+|`location`               |Locations.                        |Optional, Enter up to 10 comma-separed locations. Each location name should the same as shown in the Control Hub.|

docs/ConfigureGenericInput/index.md

@@ -0,0 +1,32 @@
+# Webex Generic Endpoint 
+
+The **Webex Generic Endpoint** provides the flexibility to create a custom input using the Webex API endpoint of your choice. If you encounter scenarios where the predefined input options do not meet your requirements, you can use this option to enable data ingestion from a different source.
+
+
+Keep in mind that the endpoint you want to use may require special permissions, roles, and/or scopes. Please refer to the API documentation to see the requirements needed to enable data ingestion for the endpoint.
+
+Enter a `Start Time` whenever it is supported by the endpoint to help avoid duplicates. If an `End Time` is specified, data will be fetched up to that time; otherwise, data will be fetched up to the current time. If a `Start` or `Created` time is present in the response, it will be saved as a checkpoint and used as the `Start Time` for the next run.
+
+Some endpoints require specific query parameters to function correctly. Users can add these parameters using the `Query Params` field. The input also supports path parameters in the URL, which should be included in the `API Endpoint` field.
+
+## Configure Webex Generic Endpoint input through Splunk Web 
+
+1. In the **Inputs** tab select **Create New Input**.
+2. Choose **Webex Generic Endpoint**.
+3. Enter the information in the related fields using the following input parameters table.
+
+## Input Parameters 
+
+Each attribute in the following table corresponds to a field in Splunk Web.
+
+|Input name               |Corresponding field in Splunk Web | Description|
+|-------------------------|----------------------------------|------------|
+|`name`                   |Name                              |A unique name for your input.|
+|`interval`               |Interval                          |Time interval of input in seconds.|
+|`index`                  |Index                             |The index in which the data should be stored. The default is <code>default</code>.|
+|`account`                |Global Account                    |The Webex account created in the Configuration tab.|
+|`webex_endpoint`         |API Endpoint                      |The Webex API endpoint. It is not necessary to include a leading slash as for example: `device`, or `devices/12345678`.|
+|`webex_base_url`         |Webex Base API URL                |Enter the base URL for the endpoint. Most Webex APIs use `webexapis.com`, but some may require a different base URL. For example, endpoints that require the `analytics:read_all` scope often use `analytics.webexapis.com`. Always refer to the endpoint documentation to confirm the correct base URL.|
+|`start_time`             |Start Time                        |Required, Inclusive start date and time in the format `YYYY-MM-DDTHH:MM:SSZ`, e.g. `2023-01-01T00:00:00Z`.  Be aware of the endpoint limitations and valid ranges.|
+|`end_time`               |End Time                          |Optional, End date and time in the format `YYYY-Mon-DDTHH:MM:SSZ`, e.g. `2023-02-01T00:00:00Z`. Leave blank if an ongoing ingestion mode is needed. Be aware of the endpoint limitations and valid ranges.|
+|`query_params. `         |Query Params                      |Include any query parameters for the endpoint. For multiple parameters, enter them as comma-separated values (e.g. `locationId=0000000, messageId=0000000, teamId=0000000`).|

docs/ConfigureMeetingQualitiesInput/index.md

@@ -0,0 +1,24 @@
+# Webex Meeting Qualities
+
+The **Webex Meeting Qualities** input is used to fetch the data from [Webex Meeting Qualities](https://developer.webex.com/docs/api/v1/meeting-qualities/get-meeting-qualities) endpoint. It allows users to retrieve quality data for meetings. Only organization administrators can retrieve meeting quality data.
+
+The input uses checkpointing to avoid ingesting duplicate data. After the initial run, the script will save the latest meeting start time as the checkpoint, and will be used as the `Start Time` (advancing by one millisecond) for the next run.
+
+## Configure Webex Meeting Qualities input through Splunk Web 
+
+1. In the **Inputs** tab select **Create New Input**.
+2. Choose **Webex Meeting Qualities**.
+3. Enter the information in the related fields using the following input parameters table.
+
+## Input Parameters 
+
+Each attribute in the following table corresponds to a field in Splunk Web.
+
+|Input name               |Corresponding field in Splunk Web | Description|
+|-------------------------|----------------------------------|------------|
+|`name`                   |Name                              |A unique name for your input.|
+|`interval`               |Interval                          |Time interval of input in seconds.|
+|`index`                  |Index                             |The index in which the data should be stored. The default is <code>default</code>.|
+|`account`                |Global Account                    |The Webex account created in the Configuration tab.|
+|`start_time`             |Start Time                        |Required, Start date and time (inclusive) in the format YYYY-MM-DDTHH:MM:SSZ, `example:2023-01-01T00:00:00Z`. The Start Time **MUST** be within 7 days from the current time.|
+|`end_time`               |End Time                          |Optional, End date and time in the format YYYY-Mon-DDTHH:MM:SSZ. `example:2023-02-01T00:00:00Z`. Leave it blank if an ongoing ingestion mode is needed.|

docs/ConfigureMeetingSummaryReportInput/index.md

@@ -0,0 +1,27 @@
+# Webex Meetings Summary Report Input
+
+The **Webex Meetings Summary Report** input is used to fetch the data from both [Meeting Usage Reports](https://developer.webex.com/docs/api/v1/meetings-summary-report/list-meeting-usage-reports) endpoint and [Meeting Attendee Reports](https://developer.webex.com/docs/api/v1/meetings-summary-report/list-meeting-attendee-reports) endpoint. It allows users to retrieve account-wide reports on past meetings and their correlated meeting attendees.
+
+**Please Note**: The input only returns the **historical** meeting reports and attendee reports, since these two endpoints only contain historical data. The input includes a 24‑hour delay due to the behavior of the API. According to the Webex documentation, “The report data for a meeting should be available within 24 hours after the meeting ends.” To ensure the data is complete and to avoid data gaps, the input ingests meeting data only after a full 24 hours have passed since the meeting ended.
+
+The input uses checkpointing to avoid ingesting duplicate data. After the initial run, the script will save the latest meeting start time as the checkpoint, and will be used as the `Start Time` (advancing by one second) for the next run.
+
+## Configure Webex Meeting Summary input through Splunk Web 
+
+1. In the **Inputs** tab select **Create New Input**.
+2. Choose **Webex Meetings Summary Report**.
+3. Enter the information in the related fields using the following input parameters table.
+
+## Input Parameters 
+
+Each attribute in the following table corresponds to a field in Splunk Web.
+
+|Input name               |Corresponding field in Splunk Web | Description|
+|-------------------------|----------------------------------|------------|
+|`name`                   |Name                              |A unique name for your input.|
+|`interval`               |Interval                          |Time interval of input in seconds.|
+|`index`                  |Index                             |The index in which the data should be stored. The default is <code>default</code>.|
+|`account`                |Global Account                    |The Webex account created in the Configuration tab.|
+|`site_url`               |Site Name                         |Site Name of the Webex Meeting account. `example: example.webex.com`|
+|`start_time`             |Start Time                        |Required, Start date and time (inclusive) in the format YYYY-MM-DDTHH:MM:SSZ, `example:2023-01-01T00:00:00Z`. The start time must be set to 24 hours prior to the current UTC time. The interval between Start Time and End Time cannot exceed 30 days and Start Time cannot be earlier than 90 days ago.|
+|`end_time`               |End Time                          |Optional, End date and time in the format YYYY-Mon-DDTHH:MM:SSZ.(Optional), `example:2023-02-01T00:00:00Z`. Leave it blank if an ongoing ingestion mode is needed. The interval between Start Time and End Time cannot exceed 30 days.|