We are running Splunk Cloud, and the Cloud operations team created a HTTP Event Collector with a new token. On the Meraki dashboard, I enter the URL from Splunk Cloud (https://http-inputs-oxfordinc.splunkcloud.com/services/collector/event) and I enter the HEC "token" as the Meraki secret. It won't validate, giving a response other than 200 message.
My guess is this is an issue that the Meraki "secret" and "validator" are not tied to the HEC token in any way, but I can't find any details on how this is supposed to be accomplished. Any help is appreciated.
I think I understand part of the issue now. The Meraki_TA isn't working in our Splunk Cloud instance, even though it is supposedly supported. Thanks!
HEC has absolutely nothing to do with the Cisco Meraki Setup.
Validator and Secret can be obtained from your Meraki admin.