All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

"NetFlow for Splunk powered by NetFlow Integrator" not working correctly for Cisco ASA

SplunkFu
Path Finder
‎02-26-2013 01:36 AM

Hi there,

We are just looking at using Netflow for our Cisco ASA's rather than using syslog (networks request). However, we are experiencing issues with the "NetFlow for Splunk powered by NetFlow Integrator" App... We can see traffic for UDP/9995 being received by the hosting server. However we are not seeing any data in Splunk.

There are no errors in any of the app log files, or in Splunk log files

This is a standard installation of the app (i.e. standard install/config, accepted license) on a single server.

Is there any points that we can look into?

Thanks in advance.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dmiller2010
Path Finder
‎02-27-2013 11:44 AM

The differences are as follows;

NetFlow for Splunk App

  • NetFlow Integrator is bundled with the App
  • NetFlow v5, v9
  • Conversion of NetFlow one to one

Ideal for less than 100 flow records per second

NetFlow for Splunk Essential App

  • NetFlow Integrator is bundled with the App
  • NetFlow v5, v9
  • Conversion of NetFlow with Consolidation - Consolidation greatly reduces the storage demands of NetFlow

Ideal for more than 100 flow records per second

NetFlowIntegrator Standard

  • NetFlow Integrator Software, Not an App
  • NetFlow v5, v9, PAN v9, NSEL
  • Conversion of NetFlow with Consolidation options
  • Rules
  • Watch Lists

Splunk Apps

  • Network Traffic Monitor for Standard
  • Network Device Monitor for Standard
  • Cisco ASA Monitor for Standard
  • Top Talkers Monitor for Standard

Let me know if that helps clarify the differences

View solution in original post

Reply
Solved! Jump to solution
Solution

dmiller2010
Path Finder
‎02-27-2013 11:44 AM

The differences are as follows;

NetFlow for Splunk App

  • NetFlow Integrator is bundled with the App
  • NetFlow v5, v9
  • Conversion of NetFlow one to one

Ideal for less than 100 flow records per second

NetFlow for Splunk Essential App

  • NetFlow Integrator is bundled with the App
  • NetFlow v5, v9
  • Conversion of NetFlow with Consolidation - Consolidation greatly reduces the storage demands of NetFlow

Ideal for more than 100 flow records per second

NetFlowIntegrator Standard

  • NetFlow Integrator Software, Not an App
  • NetFlow v5, v9, PAN v9, NSEL
  • Conversion of NetFlow with Consolidation options
  • Rules
  • Watch Lists

Splunk Apps

  • Network Traffic Monitor for Standard
  • Network Device Monitor for Standard
  • Cisco ASA Monitor for Standard
  • Top Talkers Monitor for Standard

Let me know if that helps clarify the differences

Reply
Solved! Jump to solution

SplunkFu
Path Finder
‎02-28-2013 01:02 AM

That's great thanks.

0 Karma
Reply
Solved! Jump to solution

dmiller2010
Path Finder
‎02-26-2013 09:14 AM

The NetFlow for Splunk app does not support Cisco ASA NSEL, however, you can use our Standard Edition software available on our web site as a 30-Day free trial at: www.netflowlogic.com along with our most recent Splunk App - Cisco ASA Monitor available on Splunkbase at: http://splunk-base.splunk.com/apps/72686/cisco-asa-monitor-for-netflow-standard

You can install our software in minutes, begin converting NSEL into Syslog, and utilize the Cisco ASA Monitor App to gain immediate insights such as;

Top Bandwidth Consumers
Top Destinations
Top Violators
Top Connectors

Let us know if you have any questions, or require any assistance with configuration by contacting support at: https://netflowlogic.zendesk.com/home

Reply
Solved! Jump to solution

SplunkFu
Path Finder
‎02-27-2013 01:09 AM

@dmiller2010, What is the difference with the integrator versions then?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...