Splunk integration
Has anyone been able to integrate all the logs produced from Systems Manager to be pushed into Splunk or something similar? Any help or being pointed in the right direction would be greatly appreciated.
Thanks
- Labels: API, Monitoring
I haven't seen anything for Splunk with regard to Systems Manager. Not that it cannot be done, but the integrations I have seen have been based around MX.
Check out this developer communities post:
https://communities.cisco.com/community/developer/meraki/blog/2016/07/05/merakifying-splunk
Hello Phil,
There is an option for that, which is the Splunk Add-On for Cisco Meraki Operations. I am also trying this in my POC environment and will share more views if I find anything further. Please go through the links below; you may find something.
https://splunkbase.splunk.com/app/6201/#/overview
https://docs.splunk.com/Documentation/AddOns/released/Meraki/Setup
I am wondering if you were able to make it work?
With many integrations, there are two options:
PULL: where the data is PULLED from Meraki, using the APIs
PUSH: where, using webhooks or syslog, data is pushed from Meraki
The Splunk integration appears to be a PULL integration, according to the APIs that it uses:
https://api.meraki.com/api/v1/organizations/:org/devices/statuses/
https://api.meraki.com/api/v1/organizations/:org/uplinks/statuses/
https://api.meraki.com/api/v1/organizations/:org/devices/uplinksLossAndLatency
https://api.meraki.com/api/v1/organizations/:org/networks
https://api.meraki.com/api/v1/networks/:network/devices
I note that the SM endpoints are not included in there.
HOWEVER, whilst not impossible, there's a little work for you to do. It looks like Splunk can ingest data using any REST-based API:
https://www.splunk.com/en_us/blog/tips-and-tricks/getting-data-from-your-rest-apis-into-splunk.html
And this starts with a simple form to fill in:
Don't forget that Meraki uses a custom parameter for auth:
X-Cisco-Meraki-API-Key: <secret key>
which should go into your headers.
Let me know how you get on....
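
The PULL approach described in the reply above, as an added example that is not part of the original thread or of any Splunk add-on: it reads Systems Manager devices from the Meraki API using the `X-Cisco-Meraki-API-Key` header and forwards them to a Splunk HTTP Event Collector. Assumptions not taken from the thread: the `/networks/{networkId}/sm/devices` endpoint, the HEC URL and token, the `meraki:sm:device` sourcetype, and the environment variable names.

```python
import json
import os
import time
import urllib.request

MERAKI_BASE = "https://api.meraki.com/api/v1"
SOURCETYPE = "meraki:sm:device"  # hypothetical sourcetype, pick your own

def meraki_request(path, api_key):
    """GET request carrying the key in Meraki's custom auth header."""
    return urllib.request.Request(
        MERAKI_BASE + path,
        headers={"X-Cisco-Meraki-API-Key": api_key, "Accept": "application/json"},
    )

def to_hec_payload(records, sourcetype=SOURCETYPE, now=None):
    """Batch records for HEC: one JSON object per event, concatenated."""
    ts = time.time() if now is None else now
    events = ({"time": ts, "sourcetype": sourcetype, "event": r} for r in records)
    return "".join(json.dumps(e) for e in events).encode()

def hec_request(hec_url, hec_token, payload):
    """POST request for the Splunk HTTP Event Collector."""
    return urllib.request.Request(
        hec_url, data=payload, method="POST",
        headers={"Authorization": "Splunk " + hec_token,
                 "Content-Type": "application/json"},
    )

def forward(network_id, api_key, hec_url, hec_token,
            send=lambda req: urllib.request.urlopen(req, timeout=30)):
    """Pull SM devices once, push them to HEC, return the event count.
    Only the first page of results is read; pagination is not handled."""
    path = "/networks/%s/sm/devices" % network_id
    with send(meraki_request(path, api_key)) as resp:
        devices = json.load(resp)
    if not devices:
        return 0
    with send(hec_request(hec_url, hec_token, to_hec_payload(devices))) as resp:
        resp.read()
    return len(devices)

if __name__ == "__main__":
    # Secrets come from the environment, not the script
    # (the variable names here are assumptions).
    env = os.environ
    n = forward(env["MERAKI_NETWORK_ID"], env["MERAKI_API_KEY"],
                env["SPLUNK_HEC_URL"], env["SPLUNK_HEC_TOKEN"])
    print("forwarded %d events" % n)
```

Run it from cron or a Splunk scripted input on whatever interval suits the data; the API key it uses only needs read access.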
