You will need to download the source for NFDUMP and associated tools and compile for your OS. The project homepage for NFDUMP is http://nfdump.sourceforge.net/

There is a README file in the $SPLUNK_HOME/etc/apps/netflow directory. Here are the contents of that file:

Splunk for NetFlow App (v1.2)
3 Splunk for NetFlow App (v1.2)

4

5 Description:

6 Capture netflow binary records, translate them into

7 text files, and then feed to Splunk to produce

8 dashboards and reports.

9

10 Splunk Version: 4.1 and Higher

11 Supported Platform: Linux

12 Last Modified: Jun-2011

13

14 Author: Andrew Thanalertvisuti - Splunk, Inc.

15 athana@splunk.com

16 17 For support, please contact: bd-labs@splunk.com

*** Disclaimer ***

By default, the NetFlow app only works on Linux 64-bit platforms (due to issues with nfdump binary compatibility).
If you want to run this app on 32-bit platforms, rename two binary files "nfcapd_linux32" and "nfdump_linux32" to "nfcapd" and "nfdump", respectively. These files are located in the NetFlow app's "bin" dire
ctory, which is $SPLUNK_HOME/etc/apps/netflow/bin .

Following is an example of how to rename the files within the directory:

$ cd $SPLUNK_HOME/etc/apps/netflow/bin
$ mv nfcapd_linux32 nfcapd
$ mv nfdump_linux32 nfdump

NOTE: You can download the nfdump source code from: http://sourceforge.net/projects/nfdump/

*** Welcome to the Splunk for NetFlow App ***
The Splunk for NetFlow App produces dashboards and reports of NetFlow binary records, which are captured using nfdump and fed into Splunk. The app also allows you to search through the NetFlow records using
Splunk.

The configuration file (config.ini) is located in the app's "default" directory, which is $SPLUNK_HOME/etc/apps/netflow/default/config.ini . The app relies on the sourcetype=netflow.

NOTE: It may take up to 5 minutes for new data to show up.

For support, please contact: bd-labs@splunk.com