All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Netflow Analytics for Splunk: Why am I unable to see data from Palo Alto Networks Firewall?

Nesrinepfe
Path Finder
‎10-24-2016 06:22 AM

Hi,
I have installed Netflow Analytics for Splunk and Splunk Add-on for Netflow.
The problem is that Netflow is not displaying the data is captured. But when I type sourcetype="netflow", I don't have any result. Didn't find the file "nfdump.log". I configured the Palo Alto Networks Firewall to send Netflow data by port 9996. Also, for Splunk, the input data is configured using UDP:

  • 514 for pan:log
  • 9996 for netflow
  • 10514 flowintegrator

Is there any configuration to do?
Please Help me

Best regards

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

NetFlow_Logic
Contributor
‎10-24-2016 08:28 AM

Hi,

Netflow Analytics for Splunk App goes with this Add-on https://splunkbase.splunk.com/app/1838/.

You also need to download NetFlow Integrator (https://www.netflowlogic.com/download/), which handles Palo Alto Networks NetFlow templates.

Best Regards.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

NetFlow_Logic
Contributor
‎10-24-2016 08:28 AM

Hi,

Netflow Analytics for Splunk App goes with this Add-on https://splunkbase.splunk.com/app/1838/.

You also need to download NetFlow Integrator (https://www.netflowlogic.com/download/), which handles Palo Alto Networks NetFlow templates.

Best Regards.

0 Karma
Reply
Solved! Jump to solution

jakemichaelwils
Explorer
‎10-24-2016 11:56 PM

Hello,

You could also try the Scrutinizer add on for Splunk: https://www.plixer.com/splunk-integration.html which includes extensive support for Palo Alto: https://www.plixer.com/palo-alto-networks-integration.html.

Now you have a couple choices.

Hope this helps.

0 Karma
Reply
Solved! Jump to solution

Nesrinepfe
Path Finder
‎10-25-2016 01:51 AM

Thank you very much for your suggestion 🙂
I will check it.
Best regards ^^

0 Karma
Reply
Solved! Jump to solution

TStrauch
Communicator
‎10-24-2016 07:21 AM

Hi,

how does your input.conf stanzas look like?

Have you defined the sourcetype in the input stanza?

Reply
Solved! Jump to solution

Nesrinepfe
Path Finder
‎10-24-2016 07:28 AM

Hi,Thank you very much for your response.I am new user for splunk Netflow can you please explain to me what is input stanza? How can I configure ?

0 Karma
Reply
Solved! Jump to solution

TStrauch
Communicator
‎10-24-2016 07:41 AM

Hi, yes its a little much to explain everything here 😉 But simply have a look at the documentation. Its pretty straight forward.

http://docs.splunk.com/Documentation/AddOns/released/NetFlow/Configureinputs

There you will find everything you need to know to configure the add-on.

kind regards

0 Karma
Reply
Solved! Jump to solution

Nesrinepfe
Path Finder
‎10-24-2016 07:45 AM

Thank you very much.I don't have words to say.
I will try to understand.
Thanks
Best Regard ^^

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...