Splunk is a great multifunction platform, but it needs to be fed data. Without it, Splunk is a server that just burns electrons and generates heat. A few short years ago, the problem we faced was how to generate the data. Now, taking advantage of the many Cisco Meraki APIs, we are shifting to a world where we must ask ourselves: what do we do with all this data? Hence, the Merafication of Splunk has arrived. Let's explore a couple of options for how we Merakify Splunk:

Syslog: You can easily send Splunk syslog information from Cisco Meraki devices. All you have to do is ensure the network devices can reach your Splunk server.

Dashboard setup: Go to Network-wide -> General. Under the Reporting section, click on “Add a syslog server.” Input the IPv4 address and destination port. You have the option to specify which types of syslog messages to send to the server.

[Figure: Syslog server setup options.]

Splunk recommendations: To help distinguish your Meraki syslog data later, you can set up a separate index for it under Settings -> Indexes. This is highly recommended, especially when pulling in data from multiple sources. Using the default Search & Reporting app that comes with Splunk Enterprise, simply search for a parameter in the desired timeframe. For example, using the ‘meraki’ index, we want to see all IPv6 traffic on the network that starts with 2001:

    index=meraki src=2001*

[Figure: Sample syslog output from a combined network.]

CMX Analytics: CMX can be viewed as the ability to take data generation to the next level by providing real-time engagement services. The JSON-based CMX API allows the network to be used as a tool of the trade that goes beyond simply providing Internet access. It can now be used as a marketing, revenue-generating machine.

Dashboard setup: Go to Network-wide -> General. Scroll down to the CMX section and enable the CMX API. Add the POST URL of the server you will be sending the data to. IP addresses and hostnames are both acceptable formats.
Multiple servers can be set up from the same network. NOTE: The data is sent from dashboard to the Splunk server. Make sure it is reachable over the specified POST URL.

[Figure: CMX setup options to different destinations.]

Splunk recommendations: Install the Cisco Meraki Presence Modular Input - https://splunkbase.splunk.com/app/1711/ Remember to always visit http://developers.meraki.com for other Splunk tools that become available. To help distinguish your Meraki syslog data later, you can set up a separate index for it under Settings -> Indexes. This is highly recommended, especially when pulling in data from multiple sources. For example, using the ‘cmx’ index, we want to see all real-time analytics as they are coming in:

    index=cmx

[Figure: Example CMX data of a dual-stack client device.]

Splunk has many handy tools and algorithms that allow the data to be manipulated and presented in many ways. You can get creative by generating dashboards like the one below:

[Figure: Retail customer example of foot traffic.]

JSON has become the popular form factor to request and deliver data because it is modular and flexible. After that, it is up to us and our imaginations to figure out how to display the data and make the best use of it. We would love to see how creative you can be. Reach out and get showcased on http://developers.meraki.com.

References:
https://documentation.meraki.com/MR/Monitoring_and_Reporting/CMX_Analytics
http://www.json.org/

COME SEE US AT CISCO LIVE LAS VEGAS
“Real-Time Retail Analytics with Splunk and Meraki” - presented by Colin Lowenberg and Wissam Ali-Ahmad (from Splunk)
Thursday, July 14, 2:00 p.m.
FYI, the title online is: Mobile Presence and Operational Analytics with Splunk and Meraki
http://www.ciscolive.com/us/learn/sessions/session-catalog/?search=DEVNET-2051
Session ID: DEVNET-2051
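
The syslog search from this post (index=meraki src=2001*), reproduced outside Splunk as an added Python example that is not part of the original post. The sample lines are constructed, and their key=value layout is an assumption about Meraki flow messages; unlike the string wildcard, the check parses the address, so a malformed src value is dropped.

```python
import ipaddress
import re

# Constructed sample lines; the field layout is an assumption, not output
# captured from the original post.
SAMPLE_LINES = [
    "<134>1 1467300001.101 MX64 flows src=2001:db8:10::25 dst=2001:db8:ffff::53 protocol=udp sport=51000 dport=53 pattern: allow all",
    "<134>1 1467300002.202 MX64 flows src=192.168.10.25 dst=8.8.8.8 protocol=udp sport=51001 dport=53 pattern: allow all",
    "<134>1 1467300003.303 MR32 flows allow src=fe80::1c2d:3eff:fe4f:5a6b dst=ff02::fb protocol=udp sport=5353 dport=5353",
    "<134>1 1467300004.404 MX64 flows src=2001:db8:10::31 dst=2001:db8:ffff::80 protocol=tcp sport=52044 dport=443 pattern: allow all",
    "<134>1 1467300005.505 MX64 flows src=2001:zz::1 dst=2001:db8:ffff::80 protocol=tcp sport=52045 dport=443 pattern: allow all",
    "<134>1 1467300006.606 MX64 events dhcp lease of ip 192.168.10.40",
]

KV = re.compile(r"(\w+)=(\S+)")              # key=value pairs, as Splunk extracts them
WATCHED = ipaddress.ip_network("2001::/16")  # what "src=2001*" is meant to cover


def parse_fields(line):
    """Return the key=value pairs of one syslog line as a dict."""
    return dict(KV.findall(line))


def flows_from_prefix(lines, network=WATCHED):
    """Return parsed flow records whose src address lies inside `network`."""
    hits = []
    for line in lines:
        fields = parse_fields(line)
        try:
            src = ipaddress.ip_address(fields.get("src", ""))
        except ValueError:
            continue  # no src field, or src is not a valid IP literal
        if src.version == network.version and src in network:
            hits.append(fields)
    return hits


if __name__ == "__main__":
    for flow in flows_from_prefix(SAMPLE_LINES):
        print(flow["src"], "->", flow["dst"], flow["protocol"], flow["dport"])
```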
At the heart and soul of our networks are network application monitoring tools (e.g. Cisco Prime, SecureNow AlertLogic, WhatsUp Gold). They provide 3rd-party, independent assessments of the state of our networks. Over the years, these kinds of tools have grown past the simple task of indicating whether something is up or down. Now we want to know: if it is up, how much traffic is it passing? Does it have the resources needed to sustain it? And much more.

With the proliferation of Internet connectivity, the adoption of standards, and the landscape of vendors becoming ever so crowded, we have learned that maintaining a healthy network is not an easy task. We need to be able to scale and automate ourselves through the programmability of networks. Long gone are the days of just knowing what the standards are and how to set up a device. Now, the network has evolved to become a tool of the business. Out of the need to scale and the pressure to maintain networks under budgetary constraints and with limited personnel, automating network tasks is on the horizon.

APIs are the right tools to aid us down the path of network automation. If you own a network application monitoring tool, make sure it supports REST API calls. If so, you can leverage the investment already made and tie Cisco Meraki’s Dashboard into it. Let's consider the following simple workflow example on collecting data analytics that could be integrated into your monitoring application:

API call 1: Obtain Organization ID.
https://dashboard.meraki.com/api/v0/organizations

API call 2: List Network IDs for the Organization.
https://dashboard.meraki.com/api/v0/organizations/[organizationId]/networks

API call 3: Collect traffic analytics data.
https://dashboard.meraki.com/api/v0/networks/[id]/traffic?timespan=7200

The end result can be observed below:

[Figure: Sample returned output.]
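
The three calls above chained into one function, as an added Python example that is not code from the original post. The API key is read from an environment variable (MERAKI_API_KEY is an assumed name) and sent in the Dashboard API's X-Cisco-Meraki-API-Key header; the canned responses, IDs and row fields are constructed so the example runs offline.

```python
import json
import os
import urllib.request

BASE = "https://dashboard.meraki.com/api/v0"


def http_get(path, api_key):
    """GET one Dashboard API path over HTTPS; the key travels only in a header."""
    req = urllib.request.Request(
        BASE + path, headers={"X-Cisco-Meraki-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def collect_traffic(api_key, timespan=7200, get=http_get):
    """Chain API calls 1-3 and return {network name: traffic rows}."""
    report = {}
    for org in get("/organizations", api_key):                        # call 1
        nets = get(f"/organizations/{org['id']}/networks", api_key)   # call 2
        for net in nets:
            path = f"/networks/{net['id']}/traffic?timespan={timespan}"
            report[net["name"]] = get(path, api_key)                  # call 3
    return report


def top_talkers(rows, n=2):
    """Rank traffic rows by total volume (sent + recv)."""
    ranked = sorted(rows, key=lambda r: r["sent"] + r["recv"], reverse=True)
    return [r["application"] for r in ranked[:n]]


# Constructed responses so the example runs offline; IDs, names and the
# row fields (application, sent, recv) are assumptions for illustration.
CANNED = {
    "/organizations": [{"id": 1001, "name": "Example Org"}],
    "/organizations/1001/networks": [{"id": "N_0001", "name": "HQ"}],
    "/networks/N_0001/traffic?timespan=7200": [
        {"application": "Gmail", "sent": 120, "recv": 900},
        {"application": "DNS", "sent": 15, "recv": 20},
        {"application": "Software updates", "sent": 40, "recv": 5200},
    ],
}


def canned_get(path, api_key):
    return CANNED[path]


if __name__ == "__main__":
    key = os.environ.get("MERAKI_API_KEY")  # keep the key out of source code
    get = http_get if key else canned_get
    for name, rows in collect_traffic(key or "unused", get=get).items():
        print(name, top_talkers(rows))
```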

Cisco Meraki API calls permit Dashboard to become part of your daily workflow to set up, maintain, and optimize your networks from within the monitoring tools you are already leveraging. Share with the community what monitoring applications you are using and how you are making them part of your daily workflow, and contribute any code others would use. Visit http://developers.meraki.com to get started today!