We've been trying to get Splunk to process sflow data. In order to do this, we came across this link and have followed the following process:
We used Netflow optimizer to receive Sflow data and generate a Syslog file. However, Netflow optimizer is not able to send syslogs to Splunk, whereas, Visual Syslog is able to receive the syslogs from Netflow optimizer.
We also tried using Splunk stream (sflow collector) to ingest the sflow data but were unable to receive the Syslog files.
For both cases, we're able to capture the sflow packets on Wireshark but are unable to get Splunk to process the data for sflow.
... View more