https://community.cisco.com/t5/endpoint-security/splunk-intergration/m-p/5422971#M10771 <P>I haven't seen anything for Splunk with regard to Systems Manager. Not that it can not be done, but the integrations I have seen have been based around MX.</P><P>Check out this developer communities post:</P><P><A href="https://communities.cisco.com/community/developer/meraki/blog/2016/07/05/merakifying-splunk" target="_self" rel="nofollow noopener noreferrer">https://communities.cisco.com/community/developer/meraki/blog/2016/07/05/merakifying-splunk</A></P> Wed, 04 Jul 2018 03:16:31 GMT Philip D'Ath 2018-07-04T03:16:31Z https://community.cisco.com/t5/endpoint-security/splunk-intergration/m-p/5422970#M10770 <P>Has anyone been able to integrate all the logs produced from Systems Manger to be pushed into Splunk or something similar. Any help or being pointed into the right direction would be greatly appreciated.</P><P>Thanks</P> Wed, 04 Jul 2018 01:17:49 GMT https://community.cisco.com/t5/endpoint-security/splunk-intergration/m-p/5422970#M10770 Phil15 2018-07-04T01:17:49Z https://community.cisco.com/t5/endpoint-security/splunk-intergration/m-p/5422971#M10771 <P>I haven't seen anything for Splunk with regard to Systems Manager. Not that it can not be done, but the integrations I have seen have been based around MX.</P><P>Check out this developer communities post:</P><P><A href="https://communities.cisco.com/community/developer/meraki/blog/2016/07/05/merakifying-splunk" target="_self" rel="nofollow noopener noreferrer">https://communities.cisco.com/community/developer/meraki/blog/2016/07/05/merakifying-splunk</A></P> Wed, 04 Jul 2018 03:16:31 GMT https://community.cisco.com/t5/endpoint-security/splunk-intergration/m-p/5422971#M10771 Philip D'Ath 2018-07-04T03:16:31Z https://community.cisco.com/t5/endpoint-security/splunk-intergration/m-p/5422972#M10772 <P>Hello Phil,</P><P>there is an option to that which is Splunk Add-On for Cisco Meraki Operations, Even I am trying in my POC environment this, will give more views if I found anything further. Please go through with below links you find something.</P><P><A href="https://splunkbase.splunk.com/app/6201/#/overview" target="_blank" rel="nofollow noopener noreferrer">https://splunkbase.splunk.com/app/6201/#/overview</A></P><P><A href="https://docs.splunk.com/Documentation/AddOns/released/Meraki/Setup" target="_blank" rel="nofollow noopener noreferrer">https://docs.splunk.com/Documentation/AddOns/released/Meraki/Setup</A></P> Thu, 17 Feb 2022 18:48:53 GMT https://community.cisco.com/t5/endpoint-security/splunk-intergration/m-p/5422972#M10772 Basavaraj2 2022-02-17T18:48:53Z https://community.cisco.com/t5/endpoint-security/splunk-intergration/m-p/5422973#M10773 <P>I am wondering if you were able to make it work</P> Thu, 11 Aug 2022 22:22:11 GMT https://community.cisco.com/t5/endpoint-security/splunk-intergration/m-p/5422973#M10773 Faisal Mehmood 2022-08-11T22:22:11Z https://community.cisco.com/t5/endpoint-security/splunk-intergration/m-p/5422974#M10774 <P>With many integrations, there's two options:</P><P>PULL: Where the data is PULLED from Meraki, using the APIs</P><P>PUSH: where, using web hooks, syslog, data is pushed from Meraki</P><P>The Splunk integration appears to be a PULL integration, according to the APIs that it uses:</P><P><SPAN><A href="https://api.meraki.com/api/v1/organizations/:org/devices/statuses/" target="_blank" rel="nofollow noopener noreferrer">https://api.meraki.com/api/v1/organizations/:org/devices/statuses/</A></SPAN><BR /><SPAN><A href="https://api.meraki.com/api/v1/organizations/:org/uplinks/statuses/" target="_blank" rel="nofollow noopener noreferrer">https://api.meraki.com/api/v1/organizations/:org/uplinks/statuses/</A></SPAN><BR /><SPAN><A href="https://api.meraki.com/api/v1/organizations/:org/devices/uplinksLossAndLatency" target="_blank" rel="nofollow noopener noreferrer">https://api.meraki.com/api/v1/organizations/:org/devices/uplinksLossAndLatency</A></SPAN><BR /><SPAN><A href="https://api.meraki.com/api/v1/organizations/:org/networks" target="_blank" rel="nofollow noopener noreferrer">https://api.meraki.com/api/v1/organizations/:org/networks</A></SPAN><BR /><SPAN><A href="https://api.meraki.com/api/v1/networks/:network/devices" target="_blank" rel="nofollow noopener noreferrer">https://api.meraki.com/api/v1/networks/:network/devices</A></SPAN></P><P><SPAN>I note that the SM endpoints are not included in there</SPAN></P><P><SPAN>HOWEVER, whilst not impossible, there's a little work for you to do. It looks like Splunk can ingest data using any REST based API:</SPAN></P><P><SPAN><A href="https://www.splunk.com/en_us/blog/tips-and-tricks/getting-data-from-your-rest-apis-into-splunk.html" target="_blank" rel="nofollow noopener noreferrer">https://www.splunk.com/en_us/blog/tips-and-tricks/getting-data-from-your-rest-apis-into-splunk.html</A></SPAN></P><P><SPAN>And this starts with a simple form to fill in:</SPAN></P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.jpeg" style="width: 400px;"><span class="lia-inline-image-display-wrapper" image-alt="image.jpeg"><img src="https://community.cisco.com/t5/image/serverpage/image-id/262859i79B0C51A4DC75139/image-size/large?v=v2&amp;px=999" role="button" title="image.jpeg" alt="image.jpeg" /></span></SPAN></P><P> </P><P>Don't forget that Meraki uses a custom parameter for Auth, </P><PRE>X-Cisco-Meraki-API-Key: &lt;secret key&gt;</PRE><P>Which should go into your headers.</P><P>Let me know how you get on....</P> Wed, 17 Aug 2022 09:32:06 GMT https://community.cisco.com/t5/endpoint-security/splunk-intergration/m-p/5422974#M10774 Arthur Dent 2022-08-17T09:32:06Z