
Netflow information is being fetched but not being displayed

shihabhamsa
New Member

I have tried configuring the NetFlow app in my Splunk 4.3.4.

I can see the nfdump log collecting the data, but nothing is being displayed in the netflow dashboard.

Any idea on how to troubleshoot will be appreciated.

0 Karma

dmiller2010
Path Finder

Hello Cyphertek,

Thank you for your question, allow me to assist you. What is the device you are trying to collect with the free Splunk App? If it is standard v5, v9 then it should work just fine. However, if you are trying to collect from something else, you may need to use our Standard Edition software. Can you do the following:

  1. Stop the NetFlow Integrator server from the Application configuration screen
  2. Go to Splunk/etc/apps/netflow/bin//etc
  3. Modify the first line of the server.cfg file as follows

From: TRACE_ERR
To: TRACE_FLOOD

  4. Start the NetFlow Integrator server

Let it run for a few minutes and zip up the log files located in: Splunk/etc/app/netflow/logs and please open a support case at: https://netflowlogic.zendesk.com/home

We can take a look and see what is taking place.

Thanks! Damian

0 Karma

dmiller2010
Path Finder

If the device can output standard v5 and v9, then it can be processed by the free application. If it is another format, such as IPFIX, then it would need to be processed by our NetFlow Integrator Standard software. Please send the logs when you are able so we can take a look.

0 Karma
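
The replies above separate standard v5/v9 exports from other formats such as IPFIX. The following is an added example, not code from this thread or from NetFlow Logic: it classifies a UDP payload by the version field that all three formats carry in their first two bytes and applies basic length checks. The function names and the sample datagrams are constructed for illustration.

```python
import struct

V5_HEADER, V5_RECORD, V9_HEADER, IPFIX_HEADER = 24, 48, 20, 16

def classify_export(datagram: bytes) -> dict:
    """Identify the flow-export format of one UDP payload and sanity-check it."""
    if len(datagram) < 4:
        return {"format": "unknown", "ok": False, "note": "datagram too short"}
    # Every format starts with a 16-bit version, then a 16-bit count or length.
    version, second = struct.unpack("!HH", datagram[:4])
    size = len(datagram)
    if version == 5:
        # v5: `second` is the record count (1..30); records are a fixed 48 bytes.
        expected = V5_HEADER + second * V5_RECORD
        ok = 1 <= second <= 30 and size == expected
        note = "" if ok else f"count={second}, size={size}, expected {expected}"
        return {"format": "netflow-v5", "ok": ok, "note": note}
    if version == 9:
        # v9: template-driven body, so only the 20-byte header can be checked here.
        ok = size >= V9_HEADER
        return {"format": "netflow-v9", "ok": ok, "note": "" if ok else "truncated header"}
    if version == 10:
        # IPFIX: `second` is the total message length, header included.
        ok = second == size and size >= IPFIX_HEADER
        note = "" if ok else f"length field {second} != datagram size {size}"
        return {"format": "ipfix", "ok": ok, "note": note}
    return {"format": "unknown", "ok": False, "note": f"version field = {version}"}

def free_app_can_process(result: dict) -> bool:
    """Per the replies in this thread: standard v5 and v9 only (assumption taken from the thread)."""
    return result["ok"] and result["format"] in ("netflow-v5", "netflow-v9")

# Constructed sample datagrams (zero-filled bodies), not captured traffic.
SAMPLES = {
    "v5, 2 records": struct.pack("!HH", 5, 2) + bytes(20 + 2 * 48),
    "v5, truncated": struct.pack("!HH", 5, 2) + bytes(20 + 48),
    "v9 header only": struct.pack("!HH", 9, 0) + bytes(16),
    "ipfix": struct.pack("!HH", 10, 16) + bytes(12),
    "syslog line": b"<134>Jan  1 00:00:00 router kernel: up",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        r = classify_export(payload)
        print(f"{name:15} {r['format']:11} ok={r['ok']!s:5} "
              f"free_app={free_app_can_process(r)} {r['note']}")
```

An "unknown" result on the collector port usually means something other than flow export (for example syslog) is being sent there.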

cyphertek
Explorer

Thank you Damian. I'm trying to capture from a Linksys E2500 router running DD-WRT v24 sp2 firmware. I'm starting to think I may need the Standard Software version. Is that what I should be using to collect from the E2500?

0 Karma

MarioM
Motivator

This app uses summary indexing, so it might take time to populate, but you can check first if you have data with the following searches:

sourcetype=netflow

or

index=netflow_si_traffic

If there is no data, then check the internal index for any errors:

index=_internal sourcetype=splunkd ("nfdump" OR "netflow")
0 Karma

cyphertek
Explorer

I installed NetFlow for Splunk Powered by NetFlow Integrator 3.1.3 on Splunk 5.0.1 on my Debian server.

I configured UDP data input on 9995 to use "netflow" as the source type and the index of "netflow_si_traffic".

However, there is nothing found when searching "sourcetype=netflow" and "index=netflow_si_traffic".

Also I get "No results found." when going to Overview for All Time in the NetFlow app.

I'm seeing a lot of posts about this app not working…what in the world do I have to do to get this to work?

I appreciate anyone that will help with a real solution!

0 Karma