Splunk Dev

Stream Addon setup with Netflow from Firewall

Crashfry
Path Finder

So I have followed the most basic steps to set up the Stream TA within our test environment, which is a single deployment instance. Set up the TA and ran the permissions file, which seemed to work fine with no errors. I moved the streamfwd.conf file into the local directory of the instance and used the local IP address, the port for receiving that the Netflow will be pointing to, as well as the source being Netflow data. Restart Splunk, as it seems this is the basic setup for ingesting Netflow data that is being sent to the server. Is this a correct assumption? I notice, though, that the port that I'm assuming should be listening is not when running a netstat, and I have seen a couple of questions on here regarding this issue of the port not listening after configuration. What am I missing with this? Is there further configuration from the Splunk side to get this going?

Crashfry
Path Finder

Got this working. The instructions for the Stream application/addon are a bit confusing, as you have to use portions of each of the setups to get this going.
Steps:
1. Run permissions.
2. Copy the streamfwd.conf to the local directory within the addon.
3. Make configuration changes in the streamfwd.conf file for netflow.
4. Configure the http_input file for netflow using the same configuration key as the streamfwd.conf.
5. Enable netflow through the GUI in the Stream app.
6. Enable stream through the output file in the default directory.

(Rough steps.)

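Once the steps above are done, the quickest way to tell whether the flow collector is actually receiving (as opposed to the port merely showing up in netstat) is to push a known synthetic NetFlow v5 datagram at it and search for the result. The script below is an added example, not code from Splunk or from the poster: it encodes and decodes NetFlow v5 on the wire and sends one datagram to the collector. It assumes the collector is bound to 127.0.0.1:9995; change COLLECTOR_IP and COLLECTOR_PORT to whatever you set for the receiver in streamfwd.conf (the netflowReceiver.0.ip / netflowReceiver.0.port / netflowReceiver.0.decoder keys are the ones I know from Splunk Stream's flow-collector documentation; verify them against the docs for your version). The sample flows are constructed, not real traffic.

```python
"""Synthetic NetFlow v5 generator / decoder for testing a Stream flow collector.

Added example, not Splunk's or the poster's code. Assumes streamfwd's flow
collector listens on COLLECTOR_IP:COLLECTOR_PORT; set these to match the
netflowReceiver.0.ip / netflowReceiver.0.port values in streamfwd.conf
(key names as I know them from the Splunk Stream docs; verify for your version).
"""
import socket
import struct
import sys
import time
from dataclasses import dataclass
from ipaddress import IPv4Address

# Assumed collector address; match your streamfwd.conf.
COLLECTOR_IP = "127.0.0.1"
COLLECTOR_PORT = 9995

# NetFlow v5 wire format (big-endian).
HEADER_FMT = "!HHIIIIBBH"                # 24-byte header
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"   # 48-byte flow record
HEADER_LEN = struct.calcsize(HEADER_FMT)
RECORD_LEN = struct.calcsize(RECORD_FMT)
MAX_RECORDS = 30                          # v5 limit per datagram


@dataclass
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int        # IP protocol number: 6 = TCP, 17 = UDP
    packets: int
    octets: int
    tcp_flags: int = 0


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "192.0.2.10", 51234, 443, 6, 12, 3400, tcp_flags=0x1B),
    Flow("10.0.0.7", "10.0.0.53", 40000, 53, 17, 1, 72),
]


def build_v5(flows, seq=0, uptime_ms=60_000, now=None, engine_id=1):
    """Encode flows into one NetFlow v5 datagram (header + records)."""
    if not 0 < len(flows) <= MAX_RECORDS:
        raise ValueError(f"v5 carries 1..{MAX_RECORDS} records per datagram")
    now = time.time() if now is None else now
    secs = int(now)
    nsecs = int((now - secs) * 1_000_000_000)
    header = struct.pack(HEADER_FMT, 5, len(flows), uptime_ms, secs, nsecs,
                         seq, 0, engine_id, 0)
    first = max(uptime_ms - 5_000, 0)   # flow start/end, sysuptime ms
    last = max(uptime_ms - 1_000, 0)
    body = b"".join(
        struct.pack(RECORD_FMT,
                    IPv4Address(f.src).packed, IPv4Address(f.dst).packed,
                    b"\x00" * 4,          # nexthop
                    1, 2,                 # input / output ifindex
                    f.packets, f.octets, first, last,
                    f.sport, f.dport, 0, f.tcp_flags, f.proto, 0,
                    0, 0, 24, 24, 0)      # src/dst AS, masks, pad
        for f in flows)
    return header + body


def parse_v5(data):
    """Decode a v5 datagram; rejects the wrong version or a truncated payload."""
    if len(data) < HEADER_LEN:
        raise ValueError("short header")
    (version, count, uptime, secs, _nsecs, seq,
     _etype, engine_id, _sampling) = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(data) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        (src, dst, _nh, _in, _out, pkts, octs, _first, _last,
         sport, dport, _pad, flags, proto, _tos,
         _sas, _das, _smask, _dmask, _pad2) = struct.unpack(
            RECORD_FMT, data[off:off + RECORD_LEN])
        flows.append(Flow(str(IPv4Address(src)), str(IPv4Address(dst)),
                          sport, dport, proto, pkts, octs, flags))
    return {"version": version, "sequence": seq, "uptime_ms": uptime,
            "unix_secs": secs, "engine_id": engine_id, "flows": flows}


def send_flows(flows, ip=COLLECTOR_IP, port=COLLECTOR_PORT, seq=0):
    """Send one datagram to the collector; returns the number of bytes sent."""
    pkt = build_v5(flows, seq=seq)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(pkt, (ip, port))


if __name__ == "__main__":
    ip = sys.argv[1] if len(sys.argv) > 1 else COLLECTOR_IP
    port = int(sys.argv[2]) if len(sys.argv) > 2 else COLLECTOR_PORT
    n = send_flows(SAMPLE_FLOWS, ip, port, seq=1)
    print(f"sent {n}-byte NetFlow v5 datagram ({len(SAMPLE_FLOWS)} flows) to {ip}:{port}")
```

Two caveats when using it. UDP has no handshake, so sendto() succeeding proves nothing about the listener: confirm the socket first with `ss -lun` or `netstat -lun` on the Splunk host, then run the script there, then search for the flows (Stream's flow data normally lands under sourcetype stream:netflow; check the sourcetype configured on your flow stream if nothing shows up). If the search is empty but the port is listening, the remaining piece is usually the flow stream itself not being enabled in the Stream app, which is step 5 in the answer above.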