Installing Splunk for NetFlow


Hope I am not missing something simple, but I do not see the install instructions for Splunk for NetFlow.
I have already installed Splunk and I am using it as my syslog server. I downloaded Splunk for NetFlow but there are no install instructions. I do see the nfdump and nfcapd in the bin directory after unzipping. Is it just a matter of invoking nfcapd on the command line? I am using a Mac mini with OS X 10.6.8 Server installed.




Thanks to dwaddle and some research on my own, I have determined that I need to install the NFDUMP code on my Mac Mini. I will do this after installing a C compiler on the Mac Mini. Thanks to all that responded.



You will need to download the source for NFDUMP and associated tools and compile for your OS. The project homepage for NFDUMP is


Thanks. Sometimes simple is the best answer. 🙂



You might do just as well to get gcc for the Mac out of MacPorts.




Thanks. I finally figured that out. Only problem: I don't have a C compiler installed on the Mac Mini. Trying to get that taken care of. The developer tools were not loaded and I need to open a new developer account.


Splunk Employee

There is a README file in the $SPLUNK_HOME/etc/apps/netflow directory. Here are the contents of that file:

Splunk for NetFlow App (v1.2)

Description:

Capture NetFlow binary records, translate them into text files, and then feed them to Splunk to produce dashboards and reports.

Splunk Version: 4.1 and Higher
Supported Platform: Linux
Last Modified: Jun-2011

Author: Andrew Thanalertvisuti - Splunk, Inc.

For support, please contact:

*** Disclaimer ***

By default, the NetFlow app only works on Linux 64-bit platforms (due to issues with nfdump binary compatibility).
If you want to run this app on 32-bit platforms, rename the two binary files "nfcapd_linux32" and "nfdump_linux32" to "nfcapd" and "nfdump", respectively. These files are located in the NetFlow app's "bin" directory, which is $SPLUNK_HOME/etc/apps/netflow/bin .

Following is an example of how to rename the files within the directory:

$ cd $SPLUNK_HOME/etc/apps/netflow/bin
$ mv nfcapd_linux32 nfcapd
$ mv nfdump_linux32 nfdump

NOTE: You can download the nfdump source code from:

*** Welcome to the Splunk for NetFlow App ***
The Splunk for NetFlow App produces dashboards and reports of NetFlow binary records, which are captured using nfdump and fed into Splunk. The app also allows you to search through the NetFlow records using

The configuration file (config.ini) is located in the app's "default" directory, which is $SPLUNK_HOME/etc/apps/netflow/default/config.ini . The app relies on the sourcetype=netflow.

NOTE: It may take up to 5 minutes for new data to show up.

For support, please contact:
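As an added example (not part of the Splunk for NetFlow README or the app), a POSIX shell function that applies the 32-bit rename from the README's disclaimer only when the host really is 32-bit Linux, keeps the 64-bit binaries aside instead of overwriting them, and refuses on any other OS, where the thread concludes nfdump has to be built from source. It assumes the file layout the README describes; the *_linux64 backup names are my own.

```shell
#!/bin/sh
# Added example, not from the Splunk for NetFlow README. Assumes the README's
# layout: nfcapd/nfdump are the 64-bit builds, nfcapd_linux32/nfdump_linux32
# the 32-bit builds, all in $SPLUNK_HOME/etc/apps/netflow/bin.

# select_netflow_binaries BIN_DIR OS ARCH
#   BIN_DIR: the app's bin directory
#   OS:      output of `uname -s`
#   ARCH:    output of `uname -m`
# Returns 0 when BIN_DIR ends up holding nfcapd/nfdump built for this host.
select_netflow_binaries() {
    bin_dir=$1
    os=$2
    arch=$3
    if [ "$os" != "Linux" ]; then
        # The bundled binaries are Linux-only; elsewhere (e.g. OS X)
        # nfdump must be compiled from source instead.
        echo "$os is not supported by the bundled nfdump binaries" >&2
        return 1
    fi
    case "$arch" in
        x86_64|amd64)
            # 64-bit host: the shipped nfcapd/nfdump are already the right ones.
            [ -x "$bin_dir/nfcapd" ] && [ -x "$bin_dir/nfdump" ]
            return $?
            ;;
        i386|i486|i586|i686)
            ;;
        *)
            echo "unknown architecture: $arch" >&2
            return 1
            ;;
    esac
    for tool in nfcapd nfdump; do
        src="$bin_dir/${tool}_linux32"
        dst="$bin_dir/$tool"
        if [ ! -f "$src" ]; then
            echo "missing $src; nothing renamed for $tool" >&2
            return 1
        fi
        # Keep the 64-bit build aside (my *_linux64 name) rather than
        # clobbering it with a plain mv as the README's example does.
        if [ -f "$dst" ] && [ ! -f "${dst}_linux64" ]; then
            mv "$dst" "${dst}_linux64"
        fi
        mv "$src" "$dst"
    done
    return 0
}
```

Run it as `select_netflow_binaries "$SPLUNK_HOME/etc/apps/netflow/bin" "$(uname -s)" "$(uname -m)"` before starting Splunk.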


Yes. I read the README file. I saw the Linux 64-bit platform info. I assume this precludes me from loading it on the Mac Mini. However, I still do not see "install" instructions. There are no "Configure" or "Make" files in any of the unzipped folders.
