streamfwd 8.1.5 doesn't parse netflow (bytes_in, b...

All Apps and Add-ons

Hello, colleagues.

After upgrading Splunk Stream 8.1.5 stopped parsing bytes_in, bytes_out, packets_in, packets_out, they are always equal to zero...
{ [-]
app_tag: PANA-L7-PEN : xxxxxxxxxxxxx
bytes_in: 0
bytes_out: 0
dest_ip: x.x.x.x
dest_port: xxx
endtime: 2025-05-28T15:01:26Z
event_name: netFlowData
exporter_ip: x.x.x.x
exporter_time: 2025-May-28 15:01:26
exporter_uptime: 3148584010
flow_end_reason: 3
flow_end_rel: 0
flow_start_rel: 0
fwd_status: xx
input_snmpidx: xx
netflow_elements: [ [+]
]
netflow_version: 9
observation_domain_id: 1
output_snmpidx: xxx
packets_in: 0
packets_out: 0
protoid: 6
selector_id: 0
seqnumber: 2278842767
src_ip: x.x.x.x
src_port: 9997
timestamp: 2025-05-28T15:01:26Z
tos: 0
}

I am using an independent streamforwarder with streamfwd installed as a service on linux ubuntu 22.04.5
If I stop the service and replace the streamfwd file with the old version 8.1.3 and start the service again, everything is ok

Anybody run into this?

Thanks!

Get Updates on the Splunk Community!

streamfwd 8.1.5 doesn't parse netflow (bytes_in, bytes_out, packets_in, packets_out) always 0

configuration

troubleshooting

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

Are you a member of the Splunk Community?