Ingesting Cisco NetFlow HSL messages

d_lim
Path Finder

Hi all, so I've been trying to ingest Cisco NetFlow logs into my Splunk environment, and finally got the logs in with Splunk Stream.

However, there's a field "src_content" which Splunk seems to be unable to parse or read, and it's appearing as symbols. I suspect it is due to Cisco NetFlow sending them via High-Speed Logging. Is there a template for Splunk to decode these?

It looks like this, e.g.:

src_content:

 "��`��f^P,d�N�q������l��z�so#(���
