Hi,
I have installed Netflow Analytics for Splunk and Splunk Add-on for Netflow.
The problem is that Netflow is not displaying the data that is captured. But when I type sourcetype="netflow", I don't get any results. I didn't find the file "nfdump.log". I configured the Palo Alto Networks Firewall to send Netflow data on port 9996. Also, for Splunk, the input data is configured using UDP:
Is there any configuration to do?
Please help me.
Best regards
Hi,
Netflow Analytics for Splunk App goes with this Add-on https://splunkbase.splunk.com/app/1838/.
You also need to download NetFlow Integrator (https://www.netflowlogic.com/download/), which handles Palo Alto Networks NetFlow templates.
Best Regards.
Hello,
You could also try the Scrutinizer add-on for Splunk: https://www.plixer.com/splunk-integration.html which includes extensive support for Palo Alto: https://www.plixer.com/palo-alto-networks-integration.html.
Now you have a couple choices.
Hope this helps.
Thank you very much for your suggestion 🙂
I will check it.
Best regards ^^
Hi,
What do your input.conf stanzas look like?
Have you defined the sourcetype in the input stanza?
Hi, thank you very much for your response. I am a new user of Splunk Netflow. Can you please explain to me what an input stanza is? How can I configure it?
Hi, yes, it's a little much to explain everything here 😉 But simply have a look at the documentation. It's pretty straightforward.
http://docs.splunk.com/Documentation/AddOns/released/NetFlow/Configureinputs
There you will find everything you need to know to configure the add-on.
Kind regards
Thank you very much. I don't have words to say.
I will try to understand.
Thanks
Best regards ^^