
Netflow Analytics for Splunk: Why am I unable to see data from Palo Alto Networks Firewall?

Nesrinepfe
Path Finder

Hi,
I have installed Netflow Analytics for Splunk and Splunk Add-on for Netflow.
The problem is that Netflow is not displaying the data that is captured. But when I type sourcetype="netflow", I don't get any results. I didn't find the file "nfdump.log". I configured the Palo Alto Networks Firewall to send Netflow data on port 9996. Also, for Splunk, the data input is configured using UDP:

  • 514 for pan:log
  • 9996 for netflow
  • 10514 flowintegrator

Is there any configuration to do?
Please help me.

Best regards

0 Karma
1 Solution

NetFlow_Logic
Contributor

Hi,

Netflow Analytics for Splunk App goes with this Add-on https://splunkbase.splunk.com/app/1838/.

You also need to download NetFlow Integrator (https://www.netflowlogic.com/download/), which handles Palo Alto Networks NetFlow templates.

Best Regards.


0 Karma

jakemichaelwils
Explorer

Hello,

You could also try the Scrutinizer add-on for Splunk: https://www.plixer.com/splunk-integration.html, which includes extensive support for Palo Alto: https://www.plixer.com/palo-alto-networks-integration.html.

Now you have a couple choices.

Hope this helps.

0 Karma

Nesrinepfe
Path Finder

Thank you very much for your suggestion 🙂
I will check it.
Best regards ^^

0 Karma

TStrauch
Communicator

Hi,

How do your inputs.conf stanzas look?

Have you defined the sourcetype in the input stanza?

Nesrinepfe
Path Finder

Hi, thank you very much for your response. I am a new user of Splunk Netflow. Can you please explain to me what an input stanza is? How can I configure it?

0 Karma

TStrauch
Communicator

Hi, yes, it's a little much to explain everything here 😉 But simply have a look at the documentation. It's pretty straightforward.

http://docs.splunk.com/Documentation/AddOns/released/NetFlow/Configureinputs

There you will find everything you need to know to configure the add-on.

Kind regards

0 Karma

Nesrinepfe
Path Finder

Thank you very much. I don't have words to say.
I will try to understand.
Thanks
Best regards ^^

0 Karma