I have configured the Splunk Stream app to collect NetFlow data from the network.
Incoming data is being collected and indexed well; however, some fields in the search output are shown as below:
netflow_elements: [ [-]
UNKNOWN : 0ab132f5
UNKNOWN : 0ab1320b
UNKNOWN : 9f99
UNKNOWN : 00a1
UNKNOWN : 02
UNKNOWN : 07e9
The NetFlow exporter device is a Cisco ASA, Version 8.4(4)1.
I need to know an approach to display these fields in a correct way.
Hi, did you manage to decode these values? I have the same problem with Cisco High Speed Logging.