Hi All
I have installed nprobe to send data to Splunk but am unable to see any flow data on the dashboard. I have also verified that flow reports are reaching my Splunk server through tcpdump.
nprobe command:
nprobe -T "%IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %PROTOCOL %IN_BYTES %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %HTTP_SITE %HTTP_RET_CODE %IN_PKTS %OUT_PKTS %IP_PROTOCOL_VERSION %APPLICATION_ID %L7_PROTO_NAME %ICMP_TYPE" -tcp -n "10.150.221.10:3333" -b 2 -i eth0 -json-labels
Welcome to nprobe v.6.16.140317 ($Revision: 4065 $) for x86_64-unknown-linux-gnu
with native PF_RING acceleration.
I had to retype the command and add double hyphens to the tcp and json parameters. I hope this might help you.

I was having some trouble copying and pasting from the website to my smaller Raspberry Pi instance for this. I have to replace the double quotes and double-hyphenate the tcp and json-labels parameters. Even the hyphens copied were strange. I hope this might be your problem as it is a pretty easy fix.
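The copy-and-paste damage described in the answer above can be checked mechanically. This is an added example, not part of the original posts: it flags typographic quotes and dashes in a pasted command line, replaces them with ASCII, and lists multi-letter options that carry only one hyphen. The function name, the sample string, and the mapping of an en or em dash to `--` are assumptions of this example.

```python
import re
import shlex
import unicodedata

# Typographic characters that web pages substitute for ASCII when rendering commands.
# Assumption of this example: an en or em dash in a pasted command stood for "--".
LOOKALIKES = {
    "\u201c": '"', "\u201d": '"', "\u201e": '"',  # curly double quotes
    "\u2018": "'", "\u2019": "'",                  # curly single quotes
    "\u2010": "-", "\u2011": "-", "\u2212": "-",   # hyphen variants, minus sign
    "\u2013": "--", "\u2014": "--",                # en dash, em dash
}

def audit_command(cmd):
    """Return (cleaned, findings, suspects) for a pasted command line.

    findings: (offset, Unicode name, replacement or None) per non-ASCII character.
    suspects: multi-letter options with one hyphen, e.g. -tcp instead of --tcp.
    """
    findings, out = [], []
    for pos, ch in enumerate(cmd):
        fix = LOOKALIKES.get(ch)
        if fix is not None:
            findings.append((pos, unicodedata.name(ch), fix))
            out.append(fix)
        else:
            if ord(ch) > 127:  # unknown non-ASCII: report it, leave it in place
                findings.append((pos, unicodedata.name(ch, "UNKNOWN"), None))
            out.append(ch)
    cleaned = "".join(out)
    suspects = [t for t in shlex.split(cleaned)
                if re.fullmatch(r"-[A-Za-z][A-Za-z-]+", t)]
    return cleaned, findings, suspects

# Constructed sample: a shortened form of the command above as a web page might render it.
PASTED = ("nprobe -T \u201c%IPV4_SRC_ADDR %L4_SRC_PORT\u201d \u2013tcp "
          "-n \u201c10.150.221.10:3333\u201d -b 2 -i eth0 -json-labels")

if __name__ == "__main__":
    cleaned, findings, suspects = audit_command(PASTED)
    for pos, name, fix in findings:
        print(f"offset {pos}: {name} -> {fix!r}")
    for opt in suspects:
        print(f"single-hyphen long option: {opt} (try -{opt})")
    print(cleaned)
```

Run against the command exactly as posted in the question, it reports no non-ASCII characters but lists both `-tcp` and `-json-labels` as single-hyphen long options.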