How can I get data coming from my Netflow (Flow Ex...

abdulhasnath · ‎09-19-2017

Hi,

Can someone direct me on what app I need to install to get data coming from my Netflow (Flow Export) appliance into Splunk Enterprise?

I have installed a forwarder and set the deployment/receiver server address to the address of where Splunk Enterprise is installed.
I have followed the Splunk Stream guide, and installed this app. Is this the right way?

Many thanks

richgalloway · ‎09-19-2017

In addition to pointing the forwarder at Splunk Enterprise, you must also tell Splunk Enterprise to accept data from the forwarder.
Go to Settings->Forwarding and receiving and click "Add new" under Receiving. Enter the port number to listen on (usually 9997) and click Save.

---
If this reply helps you, Karma would be appreciated.

abdulhasnath · ‎09-19-2017

Thanks for your answer. I have installed the forwarder + Splunk Enterprise on a server we have. How do I configure it to receive information from my NetFlow appliance, or is it just the case of me sending this information to the IP address + port number of the server that forwarder sits on from my appliance? If so, how do I then view this information on Splunk Enterprise? Sorry for all the questions, this is something new to us.

abdulhasnath · ‎09-20-2017

Also is it possible to add a 'pcap' file and view it in Splunk through dashboards? I've uploaded it via Settings>Data input but cannot see anything, I have also installed Splunk for PCAP files but no success?

How can I get data coming from my Netflow (Flow Export) appliance into Splunk Enterprise

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?