These could be the events that are generated by the windows, Meraki provides you with the medium to log the windows events to your syslog server. I assume they could be similar to the events that you see in the event viewer. The clients would be the ones that are connected to your MS appliances.
The MX Security Appliance supports sending four categories of messages/roles: Event Log, IDS Alerts, URLs, and Flows. MR access points can send the same roles with the exception of IDS alerts. MS switches currently only support Event Log messages.