https://community.splunk.com/t5/Getting-Data-In/Splunk-Stream/m-p/505386#M86115 <P>Dear</P><P>I am using network monitoring sensor (linux machine). I have deployed universal forwarder on this sensor. What i am looking for is to ingest IPFIX data directly from incoming interface on this sensor (eth0) or from a directory (file) and send this data to the Indexer.&nbsp;</P><P>Looking to a Splink Stream documentation I cant find proper way to solve this problem.</P><P>Looking forward to reading from you soon</P> Sun, 21 Jun 2020 16:43:13 GMT mdespot 2020-06-21T16:43:13Z https://community.splunk.com/t5/Getting-Data-In/Splunk-Stream/m-p/505386#M86115 <P>Dear</P><P>I am using network monitoring sensor (linux machine). I have deployed universal forwarder on this sensor. What i am looking for is to ingest IPFIX data directly from incoming interface on this sensor (eth0) or from a directory (file) and send this data to the Indexer.&nbsp;</P><P>Looking to a Splink Stream documentation I cant find proper way to solve this problem.</P><P>Looking forward to reading from you soon</P> Sun, 21 Jun 2020 16:43:13 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-Stream/m-p/505386#M86115 mdespot 2020-06-21T16:43:13Z https://community.splunk.com/t5/Getting-Data-In/Splunk-Stream/m-p/505408#M86116 <P class="lia-align-left">Have you gone through the Splunk Stream Supported protocols?&nbsp;<A href="https://docs.splunk.com/Documentation/StreamApp/7.2.0/DeployStreamApp/ProtocolDetection" target="_blank">https://docs.splunk.com/Documentation/StreamApp/7.2.0/DeployStreamApp/ProtocolDetection</A>&nbsp;You'll notice, that IPFIX is not listed here.</P><P class="lia-align-left">Now that being said, you can use Netflow to aggregate IPFIX flows into stream. This is documented here :&nbsp;<A href="https://docs.splunk.com/Documentation/StreamApp/7.2.0/DeployStreamApp/UseStreamtoingestNetflowandIPFIXdata" target="_blank">https://docs.splunk.com/Documentation/StreamApp/7.2.0/DeployStreamApp/UseStreamtoingestNetflowandIPFIXdata</A>.&nbsp;</P><P class="lia-align-left">Another option is that you can also ingest pcap files that have IPFIX in them also :&nbsp;<A href="https://docs.splunk.com/Documentation/StreamApp/7.2.0/DeployStreamApp/UseStreamtoparsePCAPfiles" target="_blank">https://docs.splunk.com/Documentation/StreamApp/7.2.0/DeployStreamApp/UseStreamtoparsePCAPfiles</A></P><P class="lia-align-left">Most of your stream questions regarding configuration, deployment, and protocol support can be found here :&nbsp;<A href="https://docs.splunk.com/Documentation/StreamApp/7.2.0/DeployStreamApp/AboutSplunkAppforStream" target="_blank">https://docs.splunk.com/Documentation/StreamApp/7.2.0/DeployStreamApp/AboutSplunkAppforStream</A></P><P class="lia-align-left">&nbsp;</P> Mon, 22 Jun 2020 01:26:49 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-Stream/m-p/505408#M86116 esix_splunk 2020-06-22T01:26:49Z