Using the Splunk Add-on for NetFlow (Splunk_TA_flowfix) to ingest nfdump data. Routers are configured to send data every 60s with nfdump aggregating every 5 min into a nfcapd file. Currently the inputs.conf is running the flowfix.sh script at the default 60s. Should we change this to 300s?
much obliged, Shery
I keep looking at this and trying to figure out what the question is...