Splunk Cisco Meraki Modular Input v1.4
This is a Splunk modular input add-on for Cisco Meraki that allows you to receive
JSON probe events from the Meraki Presence Cloud.
- Splunk 5.0+
- Supported on Windows, Linux, MacOS, Solaris, FreeBSD, HP-UX, AIX
- Untar the release to your $SPLUNK_HOME/etc/apps directory
- Restart Splunk
- Browse to the Meraki App in Splunk and enter the Meraki Secret and Validator in the setup screen.
- Then Browse to
Settings -> Data Inputs -> Cisco Meraki to add a new Input stanza that will establish a new Meraki HTTP server to listen for event data
- Choose a port to listen on in Splunk , anything you want > 1024 would be sensible unless you are running Splunk as a privileged user
- Choose your Meraki API version
- Setup sourcetype/index etc….
- Then on the Meraki side of things you will configure to send events to the HTTP(s) POST URL , and specify the port in the URL also :
You require an activation key to use this App. Visit http://www.baboonbones.com/#activation to obtain a non-expiring key
Any log entries/errors will get written to $SPLUNK_HOME/var/log/splunk/splunkd.log
Any errors are also searchable :
index=_internal error ExecProcessor meraki.py
- You are using Splunk 5+
- Look for any errors in $SPLUNK_HOME/var/log/splunk/splunkd.log
BaboonBones.com offer commercial support for implementing and any questions pertaining to this App.