Hello,

I'm new in splunk. Splunk with syslog works correct now. I try test netflow from cisco asa. I set netflow integrator on port 9995 and i set data source in splunk for udp on port 11514 source type netflow but netflow integrator not start:

NetFlow Integrator Server Status
NetFlow Integrator is not running.

i see in log:
/opt/splunk/etc/apps/netflow/logs # tail -f netflow_controller.log

2013-02-18 17:47:21,102 INFO Start server
2013-02-18 17:47:21,103 DEBUG Set lock!
2013-02-18 17:47:28,191 DEBUG Remove lock!
2013-02-18 17:47:28,227 DEBUG NetFlow Integrator is not running.

i tried start from cli:

/opt/splunk/etc/apps/netflow/bin/flowintegrator_linux64/bin # ./flowintegrator start
Starting Controller...
Starting NetFlow Integrator server...
but i get in logs:
tail -f server.log
2013-02-18 17:47:23 Starting server...
VERSION: 1.4.1.1.16
2013-02-18 17:48:11 Starting server...
VERSION: 1.4.1.1.16

i see also in logs:

tail -f nfc_server.2013-02-18.17_52_11.00.log
02-18 17:52:11.651 VERSION: 1.4.1.1.16
02-18 17:52:11.652 NETCONN: CONNECT to 127.0.0.1:20047 failed: 111
02-18 17:52:11.652 CONN SEND: failed to establish TCP/IP connection
02-18 17:52:11.652 CONN SR: send failed: 5 (attempt: 1)
02-18 17:52:11.674 NETCONN: gethostbyname() failed
02-18 17:52:11.674 Mgmt: receive failed: 107
02-18 17:52:11.674 Mgmt thread: exiting: 5
02-18 17:52:12.653 NETCONN: CONNECT to 127.0.0.1:20047 failed: 111
02-18 17:52:12.653 CONN SEND: failed to establish TCP/IP connection
02-18 17:52:12.653 CONN SR: send failed: 5 (attempt: 2)
02-18 17:52:13.653 NETCONN: CONNECT to 127.0.0.1:20047 failed: 111
02-18 17:52:13.653 CONN SEND: failed to establish TCP/IP connection
02-18 17:52:13.653 CONN SR: send failed: 5 (attempt: 3)

I'm stuck, thanks for help or any cue how to debug further..

thanks,
pop