topic Re: netflow missing fields problem with flowIntegrator in Getting Data In https://community.splunk.com/t5/Getting-Data-In/netflow-missing-fields-problem-with-flowIntegrator/m-p/63861#M12844 <P>The field for destination_addr is supported in another rule available in the latest beta for 2.0. You will need to register for it on our website: <A href="http://www.netflowlogic.com">http://www.netflowlogic.com</A>. If you have any additional questions or support requests, please see our support site at: <A href="https://netflowlogic.zendesk.com/home">https://netflowlogic.zendesk.com/home</A></P> Wed, 16 Jan 2013 00:27:18 GMT dmiller2010 2013-01-16T00:27:18Z netflow missing fields problem with flowIntegrator https://community.splunk.com/t5/Getting-Data-In/netflow-missing-fields-problem-with-flowIntegrator/m-p/63860#M12843 <P>Hi all, </P> <P>I managed to retrieve netflow from my cisco firewall by using flowIntegrator and splunk. But the problem is : The netflow record that I get have missing fields like destination_addr. I copied the netflow data with key-value match that I retrieved below. Is there anyone have any idea about this issue? Any help is appreciated.</P> <P>_sourcetype: flowintegrator<BR /><BR /> index: main<BR /><BR /> t_int: 30005<BR /><BR /> bytes: 0<BR /><BR /> host: 127.0.0.1<BR /><BR /> _cd: 1:63560<BR /><BR /> _serial: 0<BR /><BR /> fi_module: 50015<BR /><BR /> _si: ubuntu,main<BR /><BR /> date: Dec 13 11:49:23<BR /><BR /> splunk_server: ubuntu<BR /><BR /> linecount: 1<BR /><BR /> percent_of_total: 0<BR /><BR /> _indextime: 1355392163<BR /><BR /> denied_cnt: 1<BR /><BR /> username: na<BR /><BR /> created_cnt: 1<BR /><BR /> source: netflow<BR /><BR /> sourcetype: flowintegrator<BR /><BR /> _bkt: main~1~3984975D-B674-425B-B482-EA9629744985<BR /><BR /> _time: 2012-12-13T11:49:23.000+02:00<BR /><BR /> ipv4_src_addr: 31.13.72.7<BR /><BR /> _raw: Dec 13 11:49:23 ff:ff:00:01 fi_module=50015 ipv4_src_addr=31.13.72.7 username=na created_cnt=1 denied_cnt=1 bytes=0 percent_of_total=0 t_int=30005 </P> Mon, 28 Sep 2020 12:58:06 GMT https://community.splunk.com/t5/Getting-Data-In/netflow-missing-fields-problem-with-flowIntegrator/m-p/63860#M12843 yunusemreakbaba 2020-09-28T12:58:06Z Re: netflow missing fields problem with flowIntegrator https://community.splunk.com/t5/Getting-Data-In/netflow-missing-fields-problem-with-flowIntegrator/m-p/63861#M12844 <P>The field for destination_addr is supported in another rule available in the latest beta for 2.0. You will need to register for it on our website: <A href="http://www.netflowlogic.com">http://www.netflowlogic.com</A>. If you have any additional questions or support requests, please see our support site at: <A href="https://netflowlogic.zendesk.com/home">https://netflowlogic.zendesk.com/home</A></P> Wed, 16 Jan 2013 00:27:18 GMT https://community.splunk.com/t5/Getting-Data-In/netflow-missing-fields-problem-with-flowIntegrator/m-p/63861#M12844 dmiller2010 2013-01-16T00:27:18Z