All Apps and Add-ons

Time is always off and need to select past 4 hours or All Time to see Flow data

johns3
Path Finder

Great app so far aside from it not being able to read IPFIX which is required for VMware vSphere NetFlow collection on the vDS.

Other than the IPFIX problem, I have run into one other problem - I have done several installs of Splunk with this app and for some reason the timestamps or the time the app uses is always off by several hours or so. So, once you start collecting flows you have to choose past 4 hours or all time to see your flows which is not good for doing analytics. The time on my servers are correct.

Has anyone run into this problem before and know how to fix it?

0 Karma

NetFlow_Logic
Contributor

All previously existing versions of NetFlow Logic Splunk apps have been merged into one NetFlow for Splunk by NetFlow Logic App. See this link http://apps.splunk.com/app/489/

0 Karma

jeburkes76
Explorer

I am having the same problem. Netflow Integrator is time stamping flow data 4 hours earlier than when it is actually received. I am running Splunk with several other apps with zero problems. I have verified the system time and source time. I ran a netflow tester and found the data is coming in correctly with the correct time stamp.

Setup:
Splunk 5.0.4 build 172409
NetFlow for Splunk Powered by NetFlow Integrator 3.1.4

I have done several uninstalls/reinstalls of both Splunk and apps and can reproduce the problem.

0 Karma

gavind
Explorer

Hi Operator, were you able to finally found a fix for this yet?

0 Karma

dmiller2010
Path Finder

Thanks for the feedback! Are you running our latest version of the app? I have not heard of this behavior before, would you be able to do a secure remote session so I can take a look at this on your setup? Just send me an email to support@netflowlogic.com - thanks!

0 Karma
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...