streamfwd 8.1.5 doesn't parse netflow (bytes_in, b...

All Apps and Add-ons

Hello, colleagues.

After upgrading Splunk Stream 8.1.5 stopped parsing bytes_in, bytes_out, packets_in, packets_out, they are always equal to zero...
{ [-]
app_tag: PANA-L7-PEN : xxxxxxxxxxxxx
bytes_in: 0
bytes_out: 0
dest_ip: x.x.x.x
dest_port: xxx
endtime: 2025-05-28T15:01:26Z
event_name: netFlowData
exporter_ip: x.x.x.x
exporter_time: 2025-May-28 15:01:26
exporter_uptime: 3148584010
flow_end_reason: 3
flow_end_rel: 0
flow_start_rel: 0
fwd_status: xx
input_snmpidx: xx
netflow_elements: [ [+]
]
netflow_version: 9
observation_domain_id: 1
output_snmpidx: xxx
packets_in: 0
packets_out: 0
protoid: 6
selector_id: 0
seqnumber: 2278842767
src_ip: x.x.x.x
src_port: 9997
timestamp: 2025-05-28T15:01:26Z
tos: 0
}

I am using an independent streamforwarder with streamfwd installed as a service on linux ubuntu 22.04.5
If I stop the service and replace the streamfwd file with the old version 8.1.3 and start the service again, everything is ok

Anybody run into this?

Thanks!

Get Updates on the Splunk Community!

streamfwd 8.1.5 doesn't parse netflow (bytes_in, bytes_out, packets_in, packets_out) always 0

configuration

troubleshooting

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Join the Conversation