Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- "NetFlow for Splunk powered by NetFlow Integrator"...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there,
We are just looking at using Netflow for our Cisco ASA's rather than using syslog (networks request). However, we are experiencing issues with the "NetFlow for Splunk powered by NetFlow Integrator" App... We can see traffic for UDP/9995 being received by the hosting server. However we are not seeing any data in Splunk.
There are no errors in any of the app log files, or in Splunk log files
This is a standard installation of the app (i.e. standard install/config, accepted license) on a single server.
Is there any points that we can look into?
Thanks in advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The differences are as follows;
NetFlow for Splunk App
- NetFlow Integrator is bundled with the App
- NetFlow v5, v9
- Conversion of NetFlow one to one
Ideal for less than 100 flow records per second
NetFlow for Splunk Essential App
- NetFlow Integrator is bundled with the App
- NetFlow v5, v9
- Conversion of NetFlow with Consolidation - Consolidation greatly reduces the storage demands of NetFlow
Ideal for more than 100 flow records per second
NetFlowIntegrator Standard
- NetFlow Integrator Software, Not an App
- NetFlow v5, v9, PAN v9, NSEL
- Conversion of NetFlow with Consolidation options
- Rules
- Watch Lists
Splunk Apps
- Network Traffic Monitor for Standard
- Network Device Monitor for Standard
- Cisco ASA Monitor for Standard
- Top Talkers Monitor for Standard
Let me know if that helps clarify the differences
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The differences are as follows;
NetFlow for Splunk App
- NetFlow Integrator is bundled with the App
- NetFlow v5, v9
- Conversion of NetFlow one to one
Ideal for less than 100 flow records per second
NetFlow for Splunk Essential App
- NetFlow Integrator is bundled with the App
- NetFlow v5, v9
- Conversion of NetFlow with Consolidation - Consolidation greatly reduces the storage demands of NetFlow
Ideal for more than 100 flow records per second
NetFlowIntegrator Standard
- NetFlow Integrator Software, Not an App
- NetFlow v5, v9, PAN v9, NSEL
- Conversion of NetFlow with Consolidation options
- Rules
- Watch Lists
Splunk Apps
- Network Traffic Monitor for Standard
- Network Device Monitor for Standard
- Cisco ASA Monitor for Standard
- Top Talkers Monitor for Standard
Let me know if that helps clarify the differences
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's great thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The NetFlow for Splunk app does not support Cisco ASA NSEL, however, you can use our Standard Edition software available on our web site as a 30-Day free trial at: www.netflowlogic.com along with our most recent Splunk App - Cisco ASA Monitor available on Splunkbase at: http://splunk-base.splunk.com/apps/72686/cisco-asa-monitor-for-netflow-standard
You can install our software in minutes, begin converting NSEL into Syslog, and utilize the Cisco ASA Monitor App to gain immediate insights such as;
Top Bandwidth Consumers
Top Destinations
Top Violators
Top Connectors
Let us know if you have any questions, or require any assistance with configuration by contacting support at: https://netflowlogic.zendesk.com/home
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@dmiller2010, What is the difference with the integrator versions then?
Community Content Calendar, September edition
Splunkbase Unveils New App Listing Management Public Preview
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
