I am Nuwantha, i'm trying Splunk free for receive Cisco Meraki Firewall logs.
But i still couldn't configure. I tried TA-Meraki that i found on the internet but no luck. Please help to configure Splunk to receive Meraki MX logs. Appreciate.
The TA deals with data once it is coming into Splunk; you have to make that happen. The best way is either this:
welcome to the community! As far as I can see, the TA does not define any inputs settings. These need to be defined on your indexer or in your case, the all-in-one instance.
Depending on the protocol, you either have to define a
[udp://] stanza in your inputs.conf configuration file.
Something like this:
[tcp:514] or [tcp://HOST:514]
or any other port if the device is able to select which ports it wants to send their logs.
Edit: You can simply create a
local directory inside of the TA and put the config file there.