I have installed Netflow Analytics for Splunk and Splunk Add-on for Netflow.
The problem is that Netflow is not displaying the data that is captured. But when I type sourcetype="netflow", I don't get any results. I didn't find the file "nfdump.log". I configured the Palo Alto Networks Firewall to send Netflow data on port 9996. Also, for Splunk, the input data is configured using UDP:
Is there any configuration to do?
Please help me.
You could also try the Scrutinizer add-on for Splunk: https://www.plixer.com/splunk-integration.html which includes extensive support for Palo Alto: https://www.plixer.com/palo-alto-networks-integration.html.
Now you have a couple choices.
Hope this helps.
Hi, yes, it's a little much to explain everything here 😉 But simply have a look at the documentation. It's pretty straightforward.
There you will find everything you need to know to configure the add-on.