Splunk Cisco Meraki Modular Input v0.8
This is a Splunk modular input add-on for Cisco Meraki that allows you to receive JSON probe events from the Meraki Presence Cloud.
- Splunk 5.0+
- Supported on Windows, Linux, MacOS, Solaris, FreeBSD, HP-UX, AIX
- Untar the release to your $SPLUNK_HOME/etc/apps directory
- Restart Splunk
- Browse to the Meraki App and enter the Meraki Secret and Validator in the setup screen.
- navigate to Data inputs -> Meraki to setup a new Meraki HTTP server to listen for event data
- Choose a port to listen on in Splunk , anything you want > 1024 would be sensible unless you are running Splunk as a privileged user
- Choose your Meraki API version
- Setup sourcetype/index etc….
- Then on the Meraki side of things you will configure to send events to the HTTP POST URL , and specify the port in the URL also : http://yoursplunkhost:yourport/events
You require an activation key to use this App. Visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
Any log entries/errors will get written to $SPLUNK_HOME/var/log/splunk/splunkd.log
Any errors are searchable : index=_internal error ExecProcessor meraki.py
- You are using Splunk 5+
- Look for any errors in $SPLUNK_HOME/var/log/splunk/splunkd.log