
Index, gather, and graph Firewall flows



I'm trying to search for a way to identify firewall flows across a whole Information System.
As I want to use Splunk's power, I'm trying to find out if this scenario is possible and how (with which apps):
- Deploy Splunk agents on firewall log collectors or servers, and routers (accept [and reject?])
- Gather & index data with Splunk
- Draw, at the network IP level (logical IP view), the flows going from one subnet to another.

Is it possible? Crazy?

Thanks in advance for your suggestions.

NB: A benefit will be to index bandwidth flow and calculate throughput too, later. But at the moment I need to know WHAT is going through my Information System 🙂


I'm trying to find clues on HOW to do that 🙂

I read an interesting paper on another method with afterflow;
the approach is similar but less powerful:

I plan to watch a webcast tonight on that subject:

I found several visualization solutions with a post:

tnv - The Network Visualizer or Time-based Network Visualizer

INAV - Interactive Network Active-traffic Visualization

Will look deeper in them.

Don't hesitate to give your answer on this research 🙂
My position is to:
1) Index flat files into Splunk (firewall logs, router logs, etc.)
2) Then maybe integrate some other data into Splunk and visualize data FROM it. The question is HOW.

flat files ---> Splunk --> graph with what app?
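
An added example, not part of the original post and not a Splunk app: one way to reduce flat firewall logs to subnet-to-subnet edges (accepted and rejected) and emit them as Graphviz DOT for drawing. The key=value log layout, the field names (`src`, `dst`, `action`, `bytes`), the /24 grouping and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a generic key=value firewall log layout (an assumption).
SAMPLE_LOG = """\
2021-03-01T10:00:01 action=accept src=10.1.1.15 dst=10.2.0.8 dport=443 bytes=1200
2021-03-01T10:00:02 action=accept src=10.1.1.22 dst=10.2.0.8 dport=443 bytes=800
2021-03-01T10:00:03 action=reject src=10.3.5.9 dst=10.1.1.15 dport=22 bytes=60
2021-03-01T10:00:04 action=accept src=10.1.1.15 dst=192.168.7.30 dport=53 bytes=90
this line is malformed and must be skipped
2021-03-01T10:00:05 action=reject src=10.3.5.77 dst=10.1.1.40 dport=3389 bytes=60
"""
KV = re.compile(r"(\w+)=(\S+)")

def subnet_of(ip, prefix=24):
    """Return the network that contains ip, e.g. 10.1.1.15 -> 10.1.1.0/24."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def aggregate_flows(log_text, prefix=24):
    """Count events and bytes per (source subnet, destination subnet, action)."""
    events, volume = Counter(), Counter()
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        try:
            key = (subnet_of(fields["src"], prefix),
                   subnet_of(fields["dst"], prefix),
                   fields["action"])
            size = int(fields.get("bytes", 0))
        except (KeyError, ValueError):
            continue  # missing field, invalid IP or non-numeric byte count
        events[key] += 1
        volume[key] += size
    return events, volume

def to_dot(events, volume):
    """Render one edge per flow as Graphviz DOT; non-accepted flows are dashed red."""
    lines = ["digraph flows {"]
    for (src, dst, action), n in sorted(events.items()):
        style = ' color="red" style="dashed"' if action != "accept" else ""
        label = f"{action} x{n}, {volume[(src, dst, action)]} B"
        lines.append(f'  "{src}" -> "{dst}" [label="{label}"{style}];')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_dot(*aggregate_flows(SAMPLE_LOG)))
```

Keeping the action in the edge key separates permitted paths between subnets from rejected attempts, which is usually the first thing to review in a flow map.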

