Sampled NetFlow is available on some Cisco devices. sFlow is a feature of HP routers and switches. These features allow collecting NetFlow statistics for a subset of traffic on the interface, selecting only one out of "N" sequential packets, where "N" is a configurable parameter. It is used to improve router’s CPU utilization and to reduce the volume of generated NetFlow records.
Is there any interest in integrating Sampled NetFlow or sFlow into Splunk?
sFlow is now supported by NetFlow Integrator! It enables you to collect Sflow and monitor network traffic in our Splunk App.
We use Inmon for Sflow analytics today. I'd like to move to a single application as much as possible, but Inmon provides a lot of visibility for SFlow, SFlow-HTTP and IPFix.
In the future, I'd also like to be able to use IF-MAP to communicate with IPAM (Infoblox) and other asset/traffic management appliances, to give the SFlow/IPFix tools more granular knowledge about the network traffic and the user creating that traffic.
We are working on sFlow support in our product (Standard edition) and it is coming soon. We'd love to talk to you about how you will be using sFlow in Splunk. Please contact us at firstname.lastname@example.org.