Splunk Dev

Stream Addon setup with Netflow from Firewall

Crashfry
Path Finder

So I have followed the most basic steps to set up the Stream TA within our test environment, which is a single deployment instance. I set up the TA and ran the permissions file, which seemed to work fine with no errors. I moved the streamfwd.conf file into the local directory of the instance and used the local IP address, the port that Netflow will be sent to, and Netflow as the source. I restarted Splunk, as it seems this is the basic setup for ingesting Netflow data that is being sent to the server. Is this a correct assumption? I notice, though, that the port I'm assuming should be listening is not listening when I run netstat, and I have seen a couple of questions on here regarding this issue of the port not listening after configuration. What am I missing with this? Is there further configuration on the Splunk side to get this going?

1 Solution

Crashfry
Path Finder

Got this working. The instructions for the Stream application/addon are a bit confusing, as you have to use portions of each of the setups to get this going.

Steps:
1. Run permissions.
2. Copy streamfwd.conf to the local directory within the addon.
3. Make configuration changes in the streamfwd.conf file for netflow.
4. Configure the http_input file for netflow using the same configuration key as the streamfwd.conf.
5. Enable netflow through the GUI in the stream app.
6. Enable stream through the output file in the default directory.

Rough steps.
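The two things the thread turns on are the netflowReceiver settings in streamfwd.conf (step 3) and the "is the port actually listening" check from the question. The script below is an added example, not code from the post or from Splunk: netflow_stanza emits the streamfwd.conf keys for one receiver (key names follow Splunk Stream's documented netflowReceiver.N.* settings; the 10.0.0.5 address and port 9995 are constructed placeholders), and udp_listener_present reads an ss -lun or netstat -lun listing on stdin and reports whether any socket is bound to the expected UDP port, so you can confirm the forwarder opened it after the restart. The sample listing embedded at the bottom is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the Splunk Community post or Splunk's own code).
# Emits the netflowReceiver keys for streamfwd.conf and checks a socket
# listing for the UDP listener the forwarder should open once enabled.

netflow_stanza() {
  # $1 = IP the forwarder binds, $2 = UDP port the firewall exports to,
  # $3 = decoder, "netflow" (default) or "ipfix".
  # Values are placeholders; substitute the collector's own address/port.
  ip=$1; port=$2; decoder=${3:-netflow}
  printf '[streamfwd]\n'
  printf 'netflowReceiver.0.ip = %s\n' "$ip"
  printf 'netflowReceiver.0.port = %s\n' "$port"
  printf 'netflowReceiver.0.protocol = udp\n'
  printf 'netflowReceiver.0.decoder = %s\n' "$decoder"
}

udp_listener_present() {
  # $1 = UDP port. Reads `ss -lun` or `netstat -lun` output on stdin and
  # returns 0 when a UDP socket's local address ends in :PORT (or .PORT on
  # BSD-style netstat). Listening sockets show "*" as the peer port, so the
  # peer column cannot produce a false match.
  grep -Eq "^(UNCONN|udp6?)[[:space:]].*[:.]$1[[:space:]]"
}

# Demo with a constructed listing: port 9995 is bound, 2055 is not.
demo() {
  netflow_stanza 10.0.0.5 9995 netflow
  echo
  listing='UNCONN 0 0 0.0.0.0:9995 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 [::]:9995 [::]:*'
  for p in 9995 2055; do
    if printf '%s\n' "$listing" | udp_listener_present "$p"; then
      echo "udp/$p: listening"
    else
      echo "udp/$p: NOT listening (check streamfwd.conf, input enabled, restart)"
    fi
  done
}

# Run the demo only when executed directly, not when sourced.
case "$0" in *netflow_check.sh) demo ;; esac
```

On the live host, replace the constructed listing with `ss -lun | udp_listener_present 9995` (or `netstat -lun`); if it still reports not listening after the restart, the usual causes in this thread's steps are the input not being enabled or streamfwd.conf sitting in default instead of local.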

