https://community.splunk.com/t5/Getting-Data-In/Splunk-on-WINDOWS-Getting-NetFlow-into-Splunk/m-p/51783#M9930 <P>I would install wireshark on the Windows 2008 server and check to make sure it is receiving the traffic on 9996.</P> Tue, 01 Mar 2011 22:39:07 GMT treinke 2011-03-01T22:39:07Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-WINDOWS-Getting-NetFlow-into-Splunk/m-p/51782#M9929 <P>Hi I'm new to Splunk and the tools looks very interesting - Currently Evaluating to replace ORiON SolarWinds APM.</P> <P>However I'm a bit stuck.</P> <P>I'n running Splunk on Windows 2008-R2 x64 and have created a TCP data Input Port 9996 for NetFlow.</P> <P>I've added the following commands to my router: logging 10.32.110.110 ip flow-export destination 10.32.110.110 9996</P> <P>But don't seem to be getting anything in Splunk for this hardware. can someone help. I've tried searching the documentation but feel that what woudl be really handy is if someone had a Step By Step Quide for commond configs, such as netFlow, Syslog and Windows Events...</P> <P>HELP.... <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Thanks In Advance</P> Tue, 01 Mar 2011 18:43:14 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-WINDOWS-Getting-NetFlow-into-Splunk/m-p/51782#M9929 staces65 2011-03-01T18:43:14Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-WINDOWS-Getting-NetFlow-into-Splunk/m-p/51783#M9930 <P>I would install wireshark on the Windows 2008 server and check to make sure it is receiving the traffic on 9996.</P> Tue, 01 Mar 2011 22:39:07 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-WINDOWS-Getting-NetFlow-into-Splunk/m-p/51783#M9930 treinke 2011-03-01T22:39:07Z https://community.splunk.com/t5/Getting-Data-In/Splunk-on-WINDOWS-Getting-NetFlow-into-Splunk/m-p/51784#M9931 <P>I think this has been covered several times in other answers posts. Netflow over-the-wire is not a textual format. It is a very dense binary format, and needs the assistance of some tools to format the netflow binary data into something textual (and therefore consumable by Splunk).</P> <P>There is an existing app in SplunkBase, <A href="http://splunkbase.splunk.com/apps/All/4.x/app:Splunk+for+NetFlow" rel="nofollow">http://splunkbase.splunk.com/apps/All/4.x/app:Splunk+for+NetFlow</A> that has some of the necessary plumbing in place. It depends on the nfdump tool from <A href="http://nfdump.sourceforge.net/" rel="nofollow">http://nfdump.sourceforge.net/</A> . Whether or not nfdump works on windows is probably going to be your biggest hurdle to manage.</P> <P>Some other related answers:</P> <P><A href="http://answers.splunk.com/questions/10242/how-to-configure-nfdump-to-convert-netflow-data-from-binary-to-text-or-csv" rel="nofollow">http://answers.splunk.com/questions/10242/how-to-configure-nfdump-to-convert-netflow-data-from-binary-to-text-or-csv</A></P> <P><A href="http://answers.splunk.com/questions/8162/how-can-i-use-netflow-in-splunk-when-its-on-a-windows-box-without-buying-more-so" rel="nofollow">http://answers.splunk.com/questions/8162/how-can-i-use-netflow-in-splunk-when-its-on-a-windows-box-without-buying-more-so</A></P> <P><A href="http://answers.splunk.com/questions/4186/how-can-i-index-netflow" rel="nofollow">http://answers.splunk.com/questions/4186/how-can-i-index-netflow</A></P> Tue, 01 Mar 2011 23:35:57 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-on-WINDOWS-Getting-NetFlow-into-Splunk/m-p/51784#M9931 dwaddle 2011-03-01T23:35:57Z