All Apps and Add-ons

How can I index Netflow logs?

khanlarloo
Explorer

Hi,
I want to send my router's Netflow logs to Splunk.
How can I do that?
I installed Splunk in Linux Centos 7 and installed the Splunk Add-on for NetFlow, but my logs still don't show in Splunk.

0 Karma
1 Solution

nickhills
Ultra Champion

Take a look at Splunk Stream - its a far more robust way of collecting the data (and lots more)!
https://docs.splunk.com/Documentation/StreamApp/7.1.1/DeployStreamApp/ConfigureFlowcollector

If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma

nickhills
Ultra Champion

Take a look at Splunk Stream - its a far more robust way of collecting the data (and lots more)!
https://docs.splunk.com/Documentation/StreamApp/7.1.1/DeployStreamApp/ConfigureFlowcollector

If my comment helps, please give it a thumbs up!
0 Karma

khanlarloo
Explorer

should i install netflow programm to collect my data and then send them to splunk?

0 Karma

nickhills
Ultra Champion

If you install Splunk TA Stream on a Heavy Forwarder you have all the components you need.

From the doc above:
edit

[streamfwd]
netflowReceiver.0.ip = <your hvy fwd ip>
netflowReceiver.0.port = 9995
netflowReceiver.0.decoder = netflow

then configure your network devices to send netflow to <your hvy fwd id> :9995

If my comment helps, please give it a thumbs up!

gjanders
SplunkTrust
SplunkTrust

Depending on the volume of traffic you may want to install the independent stream forwarder...

0 Karma

khanlarloo
Explorer

tanx i do it and it works

0 Karma
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...