Splunk intergration

Phil1
Here to help

Splunk intergration

Has anyone been able to integrate all the logs produced from Systems Manger to be pushed into Splunk or something similar. Any help or being pointed into the right direction would be greatly appreciated.

 

Thanks

4 REPLIES 4
PhilipDAth
Kind of a big deal

I haven't seen anything for Splunk with regard to Systems Manager.  Not that it can not be done, but the integrations I have seen have been based around MX.

 

Check out this developer communities post:

https://communities.cisco.com/community/developer/meraki/blog/2016/07/05/merakifying-splunk

Basavaraj
Conversationalist

Hello Phil,

 

there is an option to that which is Splunk  Add-On for Cisco Meraki Operations, Even I am trying in my POC environment this, will give more views if I found anything further. Please go through with below links you find something.

 

https://splunkbase.splunk.com/app/6201/#/overview

https://docs.splunk.com/Documentation/AddOns/released/Meraki/Setup

 

I am wondering if you were able to make it work

PaulF
Meraki Employee

With many integrations, there's two options:

 

PULL: Where the data is PULLED from Meraki, using the APIs

PUSH: where, using web hooks, syslog, data is pushed from Meraki

 

The Splunk integration appears to be a PULL integration, according to the APIs that it uses:

https://api.meraki.com/api/v1/organizations/:org/devices/statuses/
https://api.meraki.com/api/v1/organizations/:org/uplinks/statuses/
https://api.meraki.com/api/v1/organizations/:org/devices/uplinksLossAndLatency
https://api.meraki.com/api/v1/organizations/:org/networks
https://api.meraki.com/api/v1/networks/:network/devices

 

I note that the SM endpoints are not included in there

 

HOWEVER, whilst not impossible, there's a little work for you to do. It looks like Splunk can ingest data using any REST based API:

 

https://www.splunk.com/en_us/blog/tips-and-tricks/getting-data-from-your-rest-apis-into-splunk.html

 

And this starts with a simple form to fill in:

 

image.jpeg

 

Don't forget that Meraki uses a custom parameter for Auth, 

X-Cisco-Meraki-API-Key: <secret key>

Which should go into your headers.

 

Let me know how you get on....

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels