Getting Data In

Can Splunk act as a bridge for receiving logs from Meraki and forward it to a s3 bucket?

Sanazinteg
New Member

Hi all,
I need to send our Meraki logs somehow to Splunk and from Splunk to a S3 bucket, but i don't know is this even possible or not? would you please help?

0 Karma

coltwanger
Contributor

I think somesoni2 has a better option with a syslog-ng relay, but you can use the built in syslog routing queue to send data from the Meraki host from Splunk out to S3; look into the _SYSLOG_ROUTING value for DEST_KEY in transforms. Then configure an outputs.conf for your S3 host.

http://docs.splunk.com/Documentation/SplunkCloud/6.6.0/Forwarding/Routeandfilterdatad

0 Karma

somesoni2
SplunkTrust
SplunkTrust

There may be workaround, but if you're not going to use data in Splunk after indexing it, why even involve Splunk? Amazon S3 has several CLI tools (http://aws.amazon.com/cli/) which you can use to send data/files to S3 storage.

0 Karma

Sanazinteg
New Member

I want to use slunk as a bridge since I did not find a way that can send the syslog from Meraki directly to S3 bucket.
thanks for quick response.

0 Karma

somesoni2
SplunkTrust
SplunkTrust

I believe it would be better to just setup a syslog-ng on a server to write Meraki logs to file and use S3 CLI tools to upload those files to s3 buckets. This way you can keep the files in exact same format they are received from Meraki.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...