streamfwd 8.1.5 doesn't parse netflow (bytes_in, b...

All Apps and Add-ons

Hello, colleagues.

After upgrading Splunk Stream 8.1.5 stopped parsing bytes_in, bytes_out, packets_in, packets_out, they are always equal to zero...
{ [-]
app_tag: PANA-L7-PEN : xxxxxxxxxxxxx
bytes_in: 0
bytes_out: 0
dest_ip: x.x.x.x
dest_port: xxx
endtime: 2025-05-28T15:01:26Z
event_name: netFlowData
exporter_ip: x.x.x.x
exporter_time: 2025-May-28 15:01:26
exporter_uptime: 3148584010
flow_end_reason: 3
flow_end_rel: 0
flow_start_rel: 0
fwd_status: xx
input_snmpidx: xx
netflow_elements: [ [+]
]
netflow_version: 9
observation_domain_id: 1
output_snmpidx: xxx
packets_in: 0
packets_out: 0
protoid: 6
selector_id: 0
seqnumber: 2278842767
src_ip: x.x.x.x
src_port: 9997
timestamp: 2025-05-28T15:01:26Z
tos: 0
}

I am using an independent streamforwarder with streamfwd installed as a service on linux ubuntu 22.04.5
If I stop the service and replace the streamfwd file with the old version 8.1.3 and start the service again, everything is ok

Anybody run into this?

Thanks!

Get Updates on the Splunk Community!

streamfwd 8.1.5 doesn't parse netflow (bytes_in, bytes_out, packets_in, packets_out) always 0

configuration

troubleshooting

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap

Are you a member of the Splunk Community?