All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Streamfwd after upgrade to 8.1.5 doesn't parse netflow fields (bytes_in, bytes_out, packets_in, packets_out)

Kim
Explorer
‎05-28-2025 10:59 AM

Hello, colleagues.

I'm using an independent stream forwarder installed on Ubuntu 22.04.05 as a service.

After updating to 8.1.5 bytes_in, bytes_out, packets_in, packets_out are always equal to zero.

If I stop the service and change /opt/streamfwd/bin/streamfwd from 8.1.5 to 8.1.3 and start sert service again, everything is ok. 

Anybody run into this?

thanks.

{ [-]
app_tag: PANA-L7-PEN : ххххххххх
bytes_in: 0
bytes_out: 0
dest_ip: x.x.x.x
dest_port: 55438
endtime: 2025-05-28T15:01:26Z
event_name: netFlowData
exporter_ip: x.x.x.x
exporter_time: 2025-May-28 15:01:26
exporter_uptime: 3148584010
flow_end_reason: 3
flow_end_rel: 0
flow_start_rel: 0
fwd_status: 64
input_snmpidx: 168
netflow_elements: [ [+]
]
netflow_version: 9
observation_domain_id: 1
output_snmpidx: 127
packets_in: 0
packets_out: 0
protoid: 6
selector_id: 0
seqnumber: 2278842767
src_ip: x.x.x.x
src_port: 9997
timestamp: 2025-05-28T15:01:26Z
tos: 0
}

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

Splunk New Course Releases for a Changing World

Every day, the world feels like it’s moving faster with new technological breakthroughs, AI innovation, and ...