I've installed Splunk Stream v 7.1.1. And streamfwd proccess is running. I'm trying to make it listen for the netflow information from the router:
[streamfwd]
port = 8890
ipAddr = 127.0.0.1
netflowReceiver.0.ip = 127.0.0.1
netflowReceiver.0.port = 9998
netflowReceiver.0.decoder = netflow
But I don't see any process listening on UDP port 9998.
What can be the issue?
@rtiulmankov do you have a netflow stream enabled? Is there anything in streamfwd.log?
@vshcherbakov_splunk there was nothing bad in streamfwd.log, just that the service started. I've reinstalled splunk stream using package and it's listening on the correct port now.