How to resolve splunkd error when sending Meraki A...

developmenttool · ‎06-04-2020

I am trying to send Meraki Alerts to Splunk HEC Endpoint.

Please refer this URL to understand how we send Meraki alerts to receiving services. https://developer.cisco.com/meraki/webhooks/#!introduction/overview

I need to specify the Splunk endpoint and the shared secret in the Meraki webhook alert page as expected by Meraki. And here are the following details"

Webhook URL: Splunk Public Endpoint DNS(Backend will be heavy forwarder:8088)/services/collector/raw
Shared Secret: HEC token in that Heavy forwarder

Now when I hit the test option, the Meraki alerts are not flowing into Splunk and on detailed log Splunk analysis, we get the below error in our splunkd.log:

06-03-2020 17:12:23.556 +0200 ERROR HttpInputDataHandler - Failed processing http input, token name=n/a, channel=n/a, source_IP=****, reply=2, events_processed=0, http_input_body_size=878

I could see that Meraki is not able to send the shared secret key with Splunk token embedded and hence failing.
Any suggestion on fixing this would be of great help.

ansif · ‎04-22-2021

@developmenttool : Is this issue resolved? May I know how you ended up this integration?

How to resolve splunkd error when sending Meraki Alerts to Splunk HTTP Event Collector Endpoint?

alert action

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation