Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Apps and Add-ons
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Several inputs enabled after Splunk_TA_ipfix insta...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Several inputs enabled after Splunk_TA_ipfix installed
mwong
Splunk Employee
01-12-2015
12:32 AM
After installing the Splunk_TA_ipfix add-on, it is found that several settings are inserted to Splunk inputs.
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf [MonitorNoHandle]
C:\matthew\Splunk621\etc\system\default\inputs.conf _rcvbuf = 1572864
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf address = 0.0.0.0
C:\matthew\Splunk621\etc\system\default\inputs.conf baseline = 0
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf buffer = 10485760
C:\matthew\Splunk621\etc\system\default\inputs.conf evt_dc_name =
C:\matthew\Splunk621\etc\system\default\inputs.conf evt_dns_name =
C:\matthew\Splunk621\etc\system\default\inputs.conf evt_resolve_ad_obj = 0
host = percy
index = default
C:\matthew\Splunk621\etc\system\default\inputs.conf interval = 60
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf port = 4739
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf [SSL]
C:\matthew\Splunk621\etc\system\default\inputs.conf _rcvbuf = 1572864
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf address = 0.0.0.0
C:\matthew\Splunk621\etc\system\default\inputs.conf allowSslRenegotiation = true
C:\matthew\Splunk621\etc\system\default\inputs.conf baseline = 0
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf buffer = 10485760
C:\matthew\Splunk621\etc\system\default\inputs.conf cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
C:\matthew\Splunk621\etc\apps\Splunk_TA_windows\default\inputs.conf evt_dc_name =
C:\matthew\Splunk621\etc\apps\Splunk_TA_windows\default\inputs.conf evt_dns_name =
C:\matthew\Splunk621\etc\system\default\inputs.conf evt_resolve_ad_obj = 0
C:\matthew\Splunk621\etc\system\local\inputs.conf host = percy
C:\matthew\Splunk621\etc\system\default\inputs.conf index = default
C:\matthew\Splunk621\etc\system\default\inputs.conf interval = 60
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf port = 4739
C:\matthew\Splunk621\etc\system\default\inputs.conf sslQuietShutdown = false
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf [WinEventLog]
C:\matthew\Splunk621\etc\system\default\inputs.conf _rcvbuf = 1572864
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf address = 0.0.0.0
C:\matthew\Splunk621\etc\system\default\inputs.conf baseline = 0
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf buffer = 10485760
C:\matthew\Splunk621\etc\system\default\inputs.conf evt_dc_name =
C:\matthew\Splunk621\etc\system\default\inputs.conf evt_dns_name =
C:\matthew\Splunk621\etc\system\default\inputs.conf evt_resolve_ad_obj = 0
host = percy
index = default
C:\matthew\Splunk621\etc\system\default\inputs.conf interval = 60
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf port = 4739
C:\matthew\Splunk621\etc\apps\Splunk_TA_windows\local\inputs.conf [WinEventLog://Application]
C:\matthew\Splunk621\etc\system\default\inputs.conf _rcvbuf = 1572864
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf address = 0.0.0.0
C:\matthew\Splunk621\etc\system\default\inputs.conf baseline = 0
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf buffer = 10485760
C:\matthew\Splunk621\etc\apps\Splunk_TA_windows\default\inputs.conf checkpointInterval = 5
C:\matthew\Splunk621\etc\apps\Splunk_TA_windows\default\inputs.conf current_only = 0
C:\matthew\Splunk621\etc\apps\Splunk_TA_windows\local\inputs.conf disabled = 0
C:\matthew\Splunk621\etc\system\default\inputs.conf evt_dc_name =
C:\matthew\Splunk621\etc\system\default\inputs.conf evt_dns_name =
C:\matthew\Splunk621\etc\system\default\inputs.conf evt_resolve_ad_obj = 0
host = percy
C:\matthew\Splunk621\etc\apps\Splunk_TA_windows\default\inputs.conf index = wineventlog
C:\matthew\Splunk621\etc\system\default\inputs.conf interval = 60
C:\matthew\Splunk621\etc\apps\Splunk_TA_ipfix\default\inputs.conf port = 4739
C:\matthew\Splunk621\etc\apps\Splunk_TA_windows\default\inputs.conf renderXml = false
C:\matthew\Splunk621\etc\apps\Splunk_TA_windows\default\inputs.conf start_from = oldest
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jcoates_splunk
Splunk Employee
05-24-2015
11:01 AM
Hello from the future... this is now using modular inputs and doesn't enable inputs by default.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mwong
Splunk Employee
01-12-2015
12:42 AM
For the Splunk_TA_ipfix app, the inputs should be modular input, the setting should be like below:
[ipfix://NetScaler_AppFlow]
sourcetype = xxx
index = aaaa
address = 0.0.0.0
port = 4739
buffer = 1048576
disabled = 0
However the default inputs.conf in the app, I would suggest to comment the stanza as it causes all the inputs having some weird settings.
#[ipfix]
#address = 0.0.0.0
#port = 4739
#buffer = 10485760
Get Updates on the Splunk Community!
.conf25 Registration is OPEN!
Ready. Set. Splunk!
Your favorite Splunk user event is back and better than ever. Get ready for more technical ...
Detecting Cross-Channel Fraud with Splunk
This article is the final installment in our three-part series exploring fraud detection techniques using ...
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
