Hi all!
I am trying to set up the flow collector to ingest NetFlow into my Splunk instance according to the docs (https://docs.splunk.com/Documentation/StreamApp/7.1.1/DeployStreamApp/ConfigureFlowcollector).
I am running a single instance to implement a PoC, so nothing fancy here.
What I've got so far: I installed Splunk_TA_Stream and fixed the permissions.
I also set up a $SPLUNK_HOME/etc/apps/Splunk_TA_stream/local/streamfwd.conf with my ingest settings:
[streamfwd]
netflowReceiver.0.ip = 172.16.1.3
netflowReceiver.0.port = 9995
netflowReceiver.0.decoder = netflow
But no matter how I try, the configured port never opens up, shows in netstat or is reachable via nc/telnet.
Any help on how to get this config running would be greatly appreciated!