Netflow information is being fetched but not being displayed

shihabhamsa
New Member

I have tried configuring the netflow app in my Splunk 4.3.4.

I can see the nfdump log collecting the data, but nothing is being displayed in the netflow dashboard.

Any idea on how to troubleshoot will be appreciated.

0 Karma

dmiller2010
Path Finder

Hello Cyphertek,

Thank you for your question, allow me to assist you. What is the device you are trying to collect with the free Splunk App? If it is standard v5, v9 then it should work just fine. However, if you are trying to collect from something else, you may need to use our Standard Edition software. Can you do the following:

  1. Stop the NetFlow Integrator server from the Application configuration screen
  2. Go to Splunk/etc/apps/netflow/bin//etc
  3. Modify the first line of the server.cfg file as follows

From: TRACE_ERR
To: TRACE_FLOOD

  4. Start the NetFlow Integrator server

Let it run for a few minutes and zip up the log files located in: splunk/etc/app/netflow/logs and please open a support case at: https://netflowlogic.zendesk.com/home

We can take a look and see what is taking place.

Thanks! Damian

0 Karma

dmiller2010
Path Finder

If the device can output standard v5 and v9, then it can be processed by the free application. If it is another format, such as IPFIX, then it would need to be processed by our NetFlow Integrator Standard software. Please send the logs when you are able so we can take a look.

0 Karma
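
Added example (not part of the original thread and not NetFlow Integrator code): one way to check whether an exporter is sending v5, v9 or IPFIX, the distinction drawn in the reply above, is to read the version field in the first two bytes of each export datagram. The function names and sample datagrams are constructed for illustration; port 9995 is the input port mentioned elsewhere in this thread.

```python
import socket
import struct

V5_HEADER, V5_RECORD = 24, 48    # NetFlow v5 has fixed header and record sizes
V9_HEADER, IPFIX_HEADER = 20, 16

def classify_export(datagram: bytes) -> dict:
    """Name the flow-export format of one UDP payload and sanity-check its framing."""
    if len(datagram) < 4:
        return {"format": "unknown", "ok": False, "reason": "payload under 4 bytes"}
    # Both NetFlow and IPFIX start with two big-endian 16-bit fields.
    version, second = struct.unpack("!HH", datagram[:4])
    size = len(datagram)
    if version == 5:
        # Second field is the record count (1..30); total length is exact.
        expected = V5_HEADER + V5_RECORD * second
        ok = 1 <= second <= 30 and size == expected
        reason = "" if ok else f"got {size} bytes, expected {expected}"
        return {"format": "NetFlow v5", "ok": ok, "reason": reason}
    if version == 9:
        # Second field counts flowset records; length depends on templates.
        ok = size >= V9_HEADER
        return {"format": "NetFlow v9", "ok": ok, "reason": "" if ok else "truncated header"}
    if version == 10:
        # IPFIX: second field is the message length in bytes.
        ok = size >= IPFIX_HEADER and second == size
        reason = "" if ok else f"length field {second}, payload {size}"
        return {"format": "IPFIX", "ok": ok, "reason": reason}
    return {"format": "unknown", "ok": False, "reason": f"version field is {version}"}

def sample_datagrams() -> dict:
    """Constructed payloads (zeroed fields), not captured traffic."""
    v5_header = struct.pack("!HHIIIIBBH", 5, 2, 0, 0, 0, 0, 0, 0, 0)
    return {
        "v5": v5_header + bytes(2 * V5_RECORD),
        "v9": struct.pack("!HHIIII", 9, 1, 0, 0, 0, 0),
        "ipfix": struct.pack("!HHIII", 10, IPFIX_HEADER, 0, 0, 0),
        "v5_truncated": v5_header + bytes(10),
    }

def watch(port: int = 9995, packets: int = 5) -> None:
    """Classify live datagrams; the port must not be held by another listener."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        for _ in range(packets):
            payload, peer = sock.recvfrom(65535)
            print(peer[0], classify_export(payload))

if __name__ == "__main__":
    for name, payload in sample_datagrams().items():
        print(name, classify_export(payload))
```

`watch()` binds the port itself, so run it while the UDP input on that port is disabled, or point the exporter at a spare port for the test.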

cyphertek
Explorer

Thank you Damian. I'm trying to capture from a Linksys E2500 router running DD-WRT v24 sp2 firmware. I'm starting to think I may need the Standard Software version. Is that what I should be using to collect from the E2500?

0 Karma

MarioM
Motivator

This app uses summary indexing, so it might take time to populate, but you can check first whether you have data with the following searches:

sourcetype=netflow

or

index=netflow_si_traffic

If there is no data, then check the internal index for any errors:

index=_internal sourcetype=splunkd ("nfdump" OR "netflow")
0 Karma

cyphertek
Explorer

I installed NetFlow for Splunk Powered by NetFlow Integrator 3.1.3 on Splunk 5.0.1 on my Debian server.

I configured UDP data input on 9995 to use "netflow" as the source type and the index of "netflow_si_traffic".

However, there is nothing found when searching "sourcetype=netflow" and "index=netflow_si_traffic".

Also I get "No results found." when going to Overview for All Time in the NetFlow app.

I'm seeing a lot of posts about this app not working…what in the world do I have to do to get this to work?

I appreciate anyone that will help with a real solution!

0 Karma