All Apps and Add-ons

Netflow information is being fetched but not being displayed

New Member

I have tried configuring the netflow app in my splunk 4.3.4.

I can see the nfdump log collecting the data, but nothing is being displayed in the netflow dashboard.

Any idea on how to troubleshoot will be appreciated

0 Karma

Path Finder

Hello Cyphertek,

Thank you for your question, allow me to assist you. What is the device you are trying to collect with the free Splunk App? If it is standard v5, v9 then it should work just fine. However, if you are your trying to collect from something else , you may need to use our Standard Edition software. Can you do the following;

  1. Stop the NetFlow Integrator server from the Application configuration screen
  2. Go to Splunk/etc/apps/netflow/bin//etc
  3. Modify the first line of the server.cfg file as follows


  1. Start the NetFlow Integrator server

Let it run for a few minutes and zip up the log files located in: spunk/etc/app/netflow/logs and please open a support case at:

We can take a look and see what is taking place.

Thanks! Damian

0 Karma

Path Finder

If the device can output standard v5 and v9, then it can be processed by the free application. If it is another format, such as IPFIX, then it would need to be processed by our NetFlow Integrator Standard software. Please send the logs when you are able so we can take a look.

0 Karma


Thank you Damian. I'm trying to capture from an Linksys E2500 router running DD-WRT v24 sp2 firmware. I'm starting to think I may need the Standard Software version. Is that what I should be using to collect from the E2500?

0 Karma


this app use summary indexing then it might take time to populate but the you can check first if you have data with follow searches:




if no data then check internal index for any errors:

index=_internal sourcetype=splunkd ("nfdump" OR "netflow")
0 Karma


I installed NetFlow for Splunk Powered by NetFlow Integrator 3.1.3 on Splunk 5.0.1 on my Debian server.

I configured UDP data input on 9995 to use "netflow" as the source type and the index of "netflow_si_traffic".

However, there is nothing found when searching "sourcetype=netflow" and "index=netflow_si_traffic".

Also I get "No results found." when going to Overview for All Time in the NetFlow app.

I'm seeing a lot of posts about this app not working…what in the world do I have to do to get this to work?

I appreciate anyone that will help with a real solution!

0 Karma
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...