All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Netflow Analytics for Splunk: Why am I unable to see data from Palo Alto Networks Firewall?

Nesrinepfe
Path Finder
‎10-24-2016 06:22 AM

Hi,
I have installed Netflow Analytics for Splunk and Splunk Add-on for Netflow.
The problem is that Netflow is not displaying the data is captured. But when I type sourcetype="netflow", I don't have any result. Didn't find the file "nfdump.log". I configured the Palo Alto Networks Firewall to send Netflow data by port 9996. Also, for Splunk, the input data is configured using UDP:

  • 514 for pan:log
  • 9996 for netflow
  • 10514 flowintegrator

Is there any configuration to do?
Please Help me

Best regards

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

NetFlow_Logic
Contributor
‎10-24-2016 08:28 AM

Hi,

Netflow Analytics for Splunk App goes with this Add-on https://splunkbase.splunk.com/app/1838/.

You also need to download NetFlow Integrator (https://www.netflowlogic.com/download/), which handles Palo Alto Networks NetFlow templates.

Best Regards.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

NetFlow_Logic
Contributor
‎10-24-2016 08:28 AM

Hi,

Netflow Analytics for Splunk App goes with this Add-on https://splunkbase.splunk.com/app/1838/.

You also need to download NetFlow Integrator (https://www.netflowlogic.com/download/), which handles Palo Alto Networks NetFlow templates.

Best Regards.

0 Karma
Reply
Solved! Jump to solution

jakemichaelwils
Explorer
‎10-24-2016 11:56 PM

Hello,

You could also try the Scrutinizer add on for Splunk: https://www.plixer.com/splunk-integration.html which includes extensive support for Palo Alto: https://www.plixer.com/palo-alto-networks-integration.html.

Now you have a couple choices.

Hope this helps.

0 Karma
Reply
Solved! Jump to solution

Nesrinepfe
Path Finder
‎10-25-2016 01:51 AM

Thank you very much for your suggestion 🙂
I will check it.
Best regards ^^

0 Karma
Reply
Solved! Jump to solution

TStrauch
Communicator
‎10-24-2016 07:21 AM

Hi,

how does your input.conf stanzas look like?

Have you defined the sourcetype in the input stanza?

Reply
Solved! Jump to solution

Nesrinepfe
Path Finder
‎10-24-2016 07:28 AM

Hi,Thank you very much for your response.I am new user for splunk Netflow can you please explain to me what is input stanza? How can I configure ?

0 Karma
Reply
Solved! Jump to solution

TStrauch
Communicator
‎10-24-2016 07:41 AM

Hi, yes its a little much to explain everything here 😉 But simply have a look at the documentation. Its pretty straight forward.

http://docs.splunk.com/Documentation/AddOns/released/NetFlow/Configureinputs

There you will find everything you need to know to configure the add-on.

kind regards

0 Karma
Reply
Solved! Jump to solution

Nesrinepfe
Path Finder
‎10-24-2016 07:45 AM

Thank you very much.I don't have words to say.
I will try to understand.
Thanks
Best Regard ^^

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top