Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12103
Views
3
Helpful
4
Replies

Splunk intergration

Phil15
Level 1
Level 1

‎07-03-2018 06:17 PM

Has anyone been able to integrate all the logs produced from Systems Manger to be pushed into Splunk or something similar. Any help or being pointed into the right direction would be greatly appreciated.

Thanks

Labels:
0 Helpful
4 Replies 4

Philip D'Ath
Meraki Community All-Star
Meraki Community All-Star

‎07-03-2018 08:16 PM

I haven't seen anything for Splunk with regard to Systems Manager. Not that it can not be done, but the integrations I have seen have been based around MX.

Check out this developer communities post:

https://communities.cisco.com/community/developer/meraki/blog/2016/07/05/merakifying-splunk

Basavaraj2
Community Member

‎02-17-2022 10:48 AM

Hello Phil,

there is an option to that which is Splunk Add-On for Cisco Meraki Operations, Even I am trying in my POC environment this, will give more views if I found anything further. Please go through with below links you find something.

https://splunkbase.splunk.com/app/6201/#/overview

https://docs.splunk.com/Documentation/AddOns/released/Meraki/Setup

0 Helpful

Faisal Mehmood
Frequent Visitor
Frequent Visitor
In response to Basavaraj2

‎08-11-2022 03:22 PM

I am wondering if you were able to make it work

0 Helpful

Arthur Dent
Cisco Employee
Cisco Employee

‎08-17-2022 02:32 AM

With many integrations, there's two options:

PULL: Where the data is PULLED from Meraki, using the APIs

PUSH: where, using web hooks, syslog, data is pushed from Meraki

The Splunk integration appears to be a PULL integration, according to the APIs that it uses:

https://api.meraki.com/api/v1/organizations/:org/devices/statuses/
https://api.meraki.com/api/v1/organizations/:org/uplinks/statuses/
https://api.meraki.com/api/v1/organizations/:org/devices/uplinksLossAndLatency
https://api.meraki.com/api/v1/organizations/:org/networks
https://api.meraki.com/api/v1/networks/:network/devices

I note that the SM endpoints are not included in there

HOWEVER, whilst not impossible, there's a little work for you to do. It looks like Splunk can ingest data using any REST based API:

https://www.splunk.com/en_us/blog/tips-and-tricks/getting-data-from-your-rest-apis-into-splunk.html

And this starts with a simple form to fill in:

image.jpeg

Don't forget that Meraki uses a custom parameter for Auth, 

X-Cisco-Meraki-API-Key: <secret key>

Which should go into your headers.

Let me know how you get on....

Customers Also Viewed These Support Documents