With many integrations, there's two options: PULL: Where the data is PULLED from Meraki, using the APIs PUSH: where, using web hooks, syslog, data is pushed from Meraki The Splunk integration appears to be a PULL integration, according to the APIs that it uses: https://api.meraki.com/api/v1/organizations/:org/devices/statuses/ https://api.meraki.com/api/v1/organizations/:org/uplinks/statuses/ https://api.meraki.com/api/v1/organizations/:org/devices/uplinksLossAndLatency https://api.meraki.com/api/v1/organizations/:org/networks https://api.meraki.com/api/v1/networks/:network/devices I note that the SM endpoints are not included in there HOWEVER, whilst not impossible, there's a little work for you to do. It looks like Splunk can ingest data using any REST based API: https://www.splunk.com/en_us/blog/tips-and-tricks/getting-data-from-your-rest-apis-into-splunk.html And this starts with a simple form to fill in: Don't forget that Meraki uses a custom parameter for Auth, X-Cisco-Meraki-API-Key: <secret key> Which should go into your headers. Let me know how you get on....
... View more