How to use the TA-meraki app.

fsccgeek
New Member

I'm forwarding the Meraki syslogs to the server that Splunk is on (port 514 udp). I'm seeing logs and can do basic searches in them.

Was hoping the TA-meraki app could help me dive even more into them.

I have the TA-meraki app installed. Just don't understand how to use the app or do the suggested steps in the details page. I'm only using Splunk as a way to interpret Meraki logs. Could use some help understanding where to use the app and how to appropriately configure it to get even more info out of the Meraki logs.

0 Karma

myron_davis
Path Finder

I haven't tried sending the meraki logs directly to splunk; I've always sent it to a syslog server instead.

As long as you apply the data as sourcetype=meraki and put it into index meraki from splunk it should still pick it up.

I would probably create a new port (i.e. 51411 in splunk), and force sourcetype=meraki and index=meraki. (thereby not to interfere with anything else)

If you do this, you will need to go into the meraki dashboard and select the alternative new port.

The docs I wrote were targeting onboarding the data via syslog-ng as a sample.

As soon as you do that and you have the TA loaded it should pick it up automatically.

0 Karma
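The dedicated-port setup described in the answer above, written out as Splunk configuration. This is an added example, not part of the original post or the TA's own documentation; the file locations and the `acceptFrom` range are assumptions, and `192.0.2.0/24` is a constructed placeholder for the network the Meraki devices send from.

```ini
# --- $SPLUNK_HOME/etc/system/local/indexes.conf (assumed location) ---
# Create the index the answer refers to; events sent to a
# non-existent index are dropped.
[meraki]
homePath   = $SPLUNK_DB/meraki/db
coldPath   = $SPLUNK_DB/meraki/colddb
thawedPath = $SPLUNK_DB/meraki/thaweddb

# --- $SPLUNK_HOME/etc/system/local/inputs.conf (assumed location) ---
# Dedicated UDP listener so Meraki traffic is kept apart from
# whatever else arrives on 514.
[udp://51411]
# Force the sourcetype and index the TA's extractions key on.
sourcetype = meraki
index = meraki
# Record the sending device's IP address as the host field.
connection_host = ip
# Only accept syslog from the Meraki network (constructed placeholder range).
acceptFrom = 192.0.2.0/24
```

After restarting Splunk and pointing the Meraki dashboard's syslog server at port 51411, a search such as `index=meraki sourcetype=meraki | stats count by host` confirms that events are arriving with the forced sourcetype.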

damode
Motivator

I have followed all steps properly and am able to get meraki logs as expected.

However, I was wondering if there was a Meraki app that provided more visual data like dashboard views or pre-loaded searches?

0 Karma

myron_davis
Path Finder

Sorry for the long delay; somehow I'm not getting notified when responses come in.

This TA is only a set of extractions to make it comply with the common information model. With any common information model dashboard that uses the relevant models you will get visualization.

This is the foundation... everything else can be built on top of this extraction.

0 Karma

damode
Motivator

Hi Myron,

Thanks for that.

Can you please also answer this question?
https://answers.splunk.com/answers/586014/invalid-key-in-stanza-should-linemerge-of-inputsco.html

0 Karma