With many integrations, there are two options:

- PULL: where the data is PULLED from Meraki, using the APIs
- PUSH: where, using web hooks, syslog, data is pushed from Meraki

The Splunk integration appears to be a PULL integration, according to the APIs that it uses:

- https://api.meraki.com/api/v1/organizations/:org/devices/statuses/
- https://api.meraki.com/api/v1/organizations/:org/uplinks/statuses/
- https://api.meraki.com/api/v1/organizations/:org/devices/uplinksLossAndLatency
- https://api.meraki.com/api/v1/organizations/:org/networks
- https://api.meraki.com/api/v1/networks/:network/devices

I note that the SM endpoints are not included in there.

HOWEVER, whilst not impossible, there's a little work for you to do. It looks like Splunk can ingest data using any REST based API:

https://www.splunk.com/en_us/blog/tips-and-tricks/getting-data-from-your-rest-apis-into-splunk.html

And this starts with a simple form to fill in:

Don't forget that Meraki uses a custom parameter for Auth:

X-Cisco-Meraki-API-Key: <secret key>

which should go into your headers.

Let me know how you get on....
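A sketch of the PULL approach described in the post above, added here as an example and not taken from the original posts or from the Splunk integration: it calls the devices/statuses endpoint with the X-Cisco-Meraki-API-Key header, follows the Link rel=next pagination header, and emits one JSON line per device for a log collector to ingest. The environment variable names, the injectable `fetch` parameter and the `check_host` rule (only send the key to HTTPS hosts under meraki.com) are assumptions of this example.

```python
import json
import os
import re
import urllib.request
from urllib.parse import urlsplit

BASE = "https://api.meraki.com/api/v1"

def next_link(link_header):
    """Return the rel=next URL from a Link response header, or None."""
    for url, rel in re.findall(r'<([^>]+)>\s*;\s*rel="?(\w+)"?', link_header or ""):
        if rel == "next":
            return url
    return None

def check_host(url):
    """Assumption: only HTTPS hosts under meraki.com should ever see the key."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https" or not (host == "meraki.com" or host.endswith(".meraki.com")):
        raise ValueError(f"refusing to send API key to {host!r}")

def http_fetch(url, headers):
    """Default fetcher: returns (parsed JSON body, Link header value)."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp), resp.headers.get("Link")

def pull_statuses(org_id, api_key, fetch=http_fetch):
    """Yield one JSON line per device status, following pagination."""
    headers = {"X-Cisco-Meraki-API-Key": api_key, "Accept": "application/json"}
    url = f"{BASE}/organizations/{org_id}/devices/statuses"
    while url:
        check_host(url)  # validate every page URL before the key is attached
        body, link = fetch(url, headers)
        for device in body:
            yield json.dumps(device, sort_keys=True)
        url = next_link(link)

if __name__ == "__main__":
    # Key and org id come from the environment, never from the script itself.
    key = os.environ["MERAKI_DASHBOARD_API_KEY"]
    for line in pull_statuses(os.environ["MERAKI_ORG_ID"], key):
        print(line)
```

Passing a different `fetch` callable lets the pagination and host check be exercised against canned responses without touching the network or a real key.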
Have a look at this link. This is what we now use instead of Splunk for our environment: EventLog Analyzer - SIEM Log management software (manageengine.com). Runs on a single server, 12 core, 96GB RAM, which also runs our Rapid7 scanning tools too.