Sampled NetFlow is available on some Cisco devices. sFlow is a feature of HP routers and switches. These features allow collecting NetFlow statistics for a subset of traffic on the interface, selecting only one out of "N" sequential packets, where "N" is a configurable parameter. It is used to improve router’s CPU utilization and to reduce the volume of generated NetFlow records.
Is there any interest in integrating Sampled NetFlow or sFlow into Splunk?
sFlow is now supported by NetFlow Integrator! It enables you to collect Sflow and monitor network traffic in our Splunk App.
We use Inmon for Sflow analytics today. I'd like to move to a single application as much as possible, but Inmon provides a lot of visibility for SFlow, SFlow-HTTP and IPFix.
In the future, I'd also like to be able to use IF-MAP to communicate with IPAM (Infoblox) and other asset/traffic management appliances, to give the SFlow/IPFix tools more granular knowledge about the network traffic and the user creating that traffic.
I would be very interested in it please. We use sflow (brocade) only.
We are working on sFlow support in our product (Standard edition) and it is coming soon. We'd love to talk to you about how you will be using sFlow in Splunk. Please contact us at support@netflowlogic.com.
Samples NetFlow is now supported in NetFlow Integrator. We are going to support sFlow and would like to hear from you.
How do you envision sFlow support in Splunk?
yes very interested
Please contact us directly to discuss this further. support@netflowlogic.com
both, but my immediate needs are for sflow. I've sampled the current netflow for splunk app and it doesn't have sflow compiled in.
Sampled NetFlow or sFlow or both? If Sampled NetFlow, is it v5, v9, or both?