I have searched around Splunkbase quite a bit and have not yet found a solution. We were previously using the nfdump solution. We upgraded to the NetFlow Integrator 3.0.2 and now we don't get any data. The Integrator is configured to listen on port 9995. There is definitely traffic coming in on 9995 and the UDP input for 9995 is configured, but I do not get any results when searching for "sourcetype=netflow". I've also tried removing the directory from /opt/splunk/etc/apps/ and reinstalling the app after that. Any assistance would be greatly appreciated.