All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to use the TA-meraki app.

fsccgeek
New Member
‎08-12-2016 01:48 PM

I'm forwarding the Meraki syslogs to the server that Splunk is on (port 514 udp). I'm seeing logs and can can do basic searches in them.

Was hoping the TA-meraki app could help me dive even more into them.

I have the TA-meraki app installed. Just don't understand how to use the app or do the suggested steps in the details page. I'm only using Splunk as a way to interpret Meraki logs. Could use some help understand where to use the app and how to appropriately configure it to get even more info out of the Meraki logs.

Tags (1)
0 Karma
Reply

myron_davis
Path Finder
‎08-12-2016 07:36 PM

I haven't tried sending the meraki logs directly to splunk; I've always sent it to a syslog server instead.

As long as you apply the data as sourcetype=meraki and put it into index meraki from splunk it should still pick it up.

I would probably create a new port (i.e. 51411 in splunk), and force sourcetype=meraki and index=meraki. (thereby not to interfere with anything else)

If you do this, you will need to go into the meraki dashboard and select the alternative new port.

The docs I wrote were targeting on boarding the data via syslog-ng as a sample.

As soon as you do that and you have the TA loaded it should pick it up automatically.

0 Karma
Reply

damode
Motivator
‎10-18-2017 03:38 AM

I have followed all steps properly and able to get meraki logs as expected.

However, I was wondering if there was a Meraki app that provided more visual data like dashboard views or pre-loaded searches ?

0 Karma
Reply

myron_davis
Path Finder
‎12-06-2017 05:20 PM

Sorry for the long delay; somehow I'm not getting notified when responses come in.

This TA is only a set of extractions to make it comply with the common information model. With any common information model dashboard that uses the relevant models you will get visualization.

This is the foundation... everything else can be built on top of this extraction.

0 Karma
Reply

damode
Motivator
‎12-06-2017 05:35 PM

Hi Myron,

Thanks for that.

Can you please also answer this qn ?
https://answers.splunk.com/answers/586014/invalid-key-in-stanza-should-linemerge-of-inputsco.html

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...