I am trying to send Meraki Alerts to Splunk HEC Endpoint.
Please refer this URL to understand how we send Meraki alerts to receiving services. https://developer.cisco.com/meraki/webhooks/#!introduction/overview
I need to specify the Splunk endpoint and the shared secret in the Meraki webhook alert page as expected by Meraki. And here are the following details"
Webhook URL: Splunk Public Endpoint DNS(Backend will be heavy forwarder:8088)/services/collector/rawShared Secret: HEC token in that Heavy forwarder
Now when I hit the test option, the Meraki alerts are not flowing into Splunk and on detailed log Splunk analysis, we get the below error in our splunkd.log:
06-03-2020 17:12:23.556 +0200 ERROR HttpInputDataHandler - Failed processing http input, token name=n/a, channel=n/a, source_IP=****, reply=2, events_processed=0, http_input_body_size=878
I could see that Meraki is not able to send the shared secret key with Splunk token embedded and hence failing.Any suggestion on fixing this would be of great help.