Meraki

Community

Cisco Meraki (using REST API) Data Connector in MS Sentinel Can't Edit Data Parser

Solved
ktc2
Conversationalist
‎Apr 18 2025 7:45 AM
‎Apr 18 2025 7:45 AM

Cisco Meraki (using REST API) Data Connector in MS Sentinel Can't Edit Data Parser

Hello,

 

I'm new MS Sentinel. I've installed the Cisco Meraki (using REST API) Data Connector and its status shows "Connected".  I can see data coming in. However, I keep getting a message that I need to edit the Cisco Meraki Data Parser to replace "Server 1", "Server 2", etc. with the actual names of our devices. 

 

I can see it here: 

 

ktc2_0-1744987492119.png

 

 

This sounds easy, but I cannot find any way to edit the data parser.  Can anyone tell me where/how to edit this data parser in Sentinel or Azure? 

1 Accepted Solution
ktc2
Conversationalist
‎Apr 21 2025 6:05 AM
‎Apr 21 2025 6:05 AM

I did get an answer elsewhwere. Thought I should share it here.  Short version is Sentinel has no built in tool for editing parser files.  You have to install one (VSC in my case) and then add Azure and Log Analytics plug ins.  Here's the long version:

 

https://learn.microsoft.com/en-us/answers/questions/2259340/ms-sentinel-cisco-meraki-(using-rest-api...

 

View solution in original post

5 Replies 5
Mloraditch
Kind of a big deal
Kind of a big deal
‎Apr 18 2025 7:53 AM
‎Apr 18 2025 7:53 AM

This may seem like a dumb question, but you can't edit on the right side box on the highlighted screen? I don't use sentinel but at least it appears that's what that box is for.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
ktc2
Conversationalist
‎Apr 18 2025 7:55 AM
‎Apr 18 2025 7:55 AM

Hi!  Thanks for your reply.  I did try that. It tells me that I'm viewing it in a read-only tool.  Unfortunately, I can't find any other tool that I will show it to me. 

0 Kudos
In response to ktc2
Mloraditch
Kind of a big deal
Kind of a big deal
‎Apr 18 2025 8:20 AM
‎Apr 18 2025 8:20 AM

I can't be certain but take a look at this:

https://learn.microsoft.com/en-us/azure/sentinel/normalization

https://learn.microsoft.com/en-us/azure/sentinel/normalization-parsers-overview

 

And this it seems like these may be what you want.. 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
ktc2
Conversationalist
‎Apr 18 2025 8:39 AM
‎Apr 18 2025 8:39 AM

Hello,

 

The second link looked promising, but it seems to assume the reader knows where to do these things.  It says what to do at a very, very high level, but doesn't say where to do it.  I greatly appreciate your efforts. 

0 Kudos
ktc2
Conversationalist
‎Apr 21 2025 6:05 AM
‎Apr 21 2025 6:05 AM

I did get an answer elsewhwere. Thought I should share it here.  Short version is Sentinel has no built in tool for editing parser files.  You have to install one (VSC in my case) and then add Azure and Log Analytics plug ins.  Here's the long version:

 

https://learn.microsoft.com/en-us/answers/questions/2259340/ms-sentinel-cisco-meraki-(using-rest-api...

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.