https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16460#M1992 <P>"Splunk for NetFlow" App is replaced with "NetFlow for Splunk". See this link: <A href="http://splunk-base.splunk.com/apps/22328/netflow-for-splunk-powered-by-netflow-integrator">http://splunk-base.splunk.com/apps/22328/netflow-for-splunk-powered-by-netflow-integrator</A></P> Mon, 21 Jan 2013 23:31:28 GMT NetFlow_Logic 2013-01-21T23:31:28Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16456#M1988 <P>I want to be able to search netflow data to find suspicious conversations (i.e. someone opening a connection and closing it right away). Is there a way to get a netflow feed into Splunk?</P> Tue, 29 Jun 2010 22:35:41 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16456#M1988 Dan 2010-06-29T22:35:41Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16457#M1989 <P>Yes.</P> <P><A href="http://www.splunk.com/wiki/Apps:TrafficFlows" rel="nofollow">http://www.splunk.com/wiki/Apps:TrafficFlows</A></P> Wed, 30 Jun 2010 00:22:24 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16457#M1989 rayfoo 2010-06-30T00:22:24Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16458#M1990 <P>Netflow data is binary and, even though you could splunk it like that, it would not be useful in that form inside your Splunk GUI while searching. Therefore, the flow will need to be converted to humanly-readable text first via some NetFlow-2-Text converter, such as the ones mentioned at the "TrafficFlows" link provided in the previous answer.</P> <P>Once converted to text, however, you could then easily setup Splunk to listen on any open tcp or udp port for incoming converted flow streams and just send the it directly to that port and SPlunk will index it in real time.</P> Wed, 18 Aug 2010 20:59:33 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16458#M1990 maverick 2010-08-18T20:59:33Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16459#M1991 <P>See this link for the Splunk for Netflow App: <A href="http://splunkbase.splunk.com/apps/All/4.x/app:Splunk+for+NetFlow">http://splunkbase.splunk.com/apps/All/4.x/app:Splunk+for+NetFlow</A></P> Fri, 18 Mar 2011 09:33:08 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16459#M1991 maverick 2011-03-18T09:33:08Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16460#M1992 <P>"Splunk for NetFlow" App is replaced with "NetFlow for Splunk". See this link: <A href="http://splunk-base.splunk.com/apps/22328/netflow-for-splunk-powered-by-netflow-integrator">http://splunk-base.splunk.com/apps/22328/netflow-for-splunk-powered-by-netflow-integrator</A></P> Mon, 21 Jan 2013 23:31:28 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16460#M1992 NetFlow_Logic 2013-01-21T23:31:28Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16461#M1993 <P>All previously existing versions of NetFlow Logic Splunk apps have been merged into one NetFlow for Splunk by NetFlow Logic App. See this link <A href="http://apps.splunk.com/app/489/">http://apps.splunk.com/app/489/</A></P> Mon, 10 Mar 2014 18:31:25 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-Netflow/m-p/16461#M1993 NetFlow_Logic 2014-03-10T18:31:25Z