Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: NetFlow for Splunk not working after upgrading...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have searched around the splunkbase quite a bit and have not yet found a solution. We were previously using the nfdump solution. We upgraded to the NetFlow Integrator 3.0.2 and now we don't get any data. The Integrator is configured to listen on port 9995. There is definitely traffic coming in on 9995, the UDP input for 9995 is configured, but I do not get any results when searching for "sourcetype=netflow". I've also tried removing the directory from /opt/splunk/etc/apps/ and reinstalling the app after that. Any assistance would be greatly appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for taking the time to work with us today. As we discovered you are sending NetFlow v9 and NetFlow for Splunk currently supports NetFlow v5. Our Standard Edition supports v5, v9, jFlow, and NSEL.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for taking the time to work with us today. As we discovered you are sending NetFlow v9 and NetFlow for Splunk currently supports NetFlow v5. Our Standard Edition supports v5, v9, jFlow, and NSEL.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the call yesterday. If I get some spare time, I may set up a test server with the standard edition.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello sgardne, I am sorry to hear that you are having some issues and I would be happy to assist you. The app creates a default data input as follows;
UDP Port: 11514
source type: netflow
It appears you have everything configured correctly, would you be available for a secure remote session via WebEx so we can take a look? Please contact us at: support@netflowlogic.com and include your company contact info and we can schedule a session.
Thank You!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I left the default one in the inputs list and created a new UDP input and manually set its type to "netflow". I will come to your site and see about doing a remote session. Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also it would appear the server is not even listening on port 9995.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Edit: I have tried suggestions in the following splunkbase questions:
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
