Splunk Dev

Stream Addon setup with Netflow from Firewall

Crashfry
Path Finder

So I have followed the most basic steps to set up the Stream TA within our test environment, which is a single deployment instance. Set up the TA and ran the permissions file, which seemed to work fine with no errors. I moved the streamfwd.conf file into the local directory of the instance and used the local IP address, the port for receiving that Netflow will be pointing to, as well as the source being Netflow data. Restarted Splunk, as it seems this is the basic setup for ingesting Netflow data that is being sent to the server. Is this a correct assumption? I notice, though, that the port that I'm assuming should be listening is not when running a netstat, and I have seen a couple of questions on here regarding this issue of the port not listening after configuration - what am I missing with this? Is there further configuration from the Splunk side to get this going?


Crashfry
Path Finder

Got this working - instructions for the Stream application/addon are a bit confusing, as you have to use portions of each of the setups to get this going.
Steps:
1. Run permissions
2. Copy the streamfwd.conf to the local directory within the addon
3. Make configuration changes in the streamfwd.conf file for netflow
4. Configure the http_input file for netflow using the same configuration key as the streamfwd.conf
5. Enable netflow through the GUI in the stream app
6. Enable stream through the output file in the default directory.

Rough steps.

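The symptom in the question (receiver configured in streamfwd.conf, but nothing listening on the port after restart) is easiest to chase with a check that reads the configured receivers and compares them against what is actually bound. The script below is an added example, not code from the poster or from Splunk: it parses a `[streamfwd]` stanza for the `netflowReceiver.<N>.ip` / `.port` / `.decoder` keys that Splunk Stream documents for flow collection, flags receivers with a missing key, and then matches each configured port against the output of `ss -lun` (the iproute2 equivalent of the `netstat` the poster ran). The conf text and the `ss` output embedded here are constructed samples; on a real host you would feed it the contents of your local streamfwd.conf and the live `ss -lun` output.

```python
"""Consistency check for Splunk Stream NetFlow receivers (added example).

Reads a streamfwd.conf stanza, collects every netflowReceiver.<N>.* entry,
reports receivers that lack a required key, and compares the configured UDP
ports against `ss -lun` output to show which ports are not actually bound.
The conf and ss text below are constructed samples, not captured data.
"""
import configparser
import re
from collections import defaultdict

# Constructed sample: receiver 0 is complete, receiver 1 has no decoder.
SAMPLE_STREAMFWD_CONF = """\
[streamfwd]
netflowReceiver.0.ip = 10.0.0.5
netflowReceiver.0.port = 9995
netflowReceiver.0.decoder = netflow
netflowReceiver.1.ip = 10.0.0.5
netflowReceiver.1.port = 2055
"""

# Constructed sample of `ss -lun` (UDP listeners); only udp/9995 is bound.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
UNCONN  0       0       0.0.0.0:514          0.0.0.0:*
UNCONN  0       0       10.0.0.5:9995        0.0.0.0:*
"""

# Keys Splunk Stream documents for a flow receiver (assumed minimum set).
REQUIRED_KEYS = ("ip", "port", "decoder")
_RECEIVER_RE = re.compile(r"^netflowReceiver\.(\d+)\.(\w+)$")


def parse_receivers(conf_text):
    """Return {index: {key: value}} for every netflowReceiver.N.* entry."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case exactly as written in the file
    parser.read_string(conf_text)
    receivers = defaultdict(dict)
    for key, value in parser["streamfwd"].items():
        match = _RECEIVER_RE.match(key)
        if match:
            receivers[int(match.group(1))][match.group(2)] = value.strip()
    return dict(receivers)


def listening_udp_ports(ss_text):
    """Return a set of (ip, port) pairs parsed from `ss -lun` style output."""
    bound = set()
    for line in ss_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 5 or fields[0] != "UNCONN":
            continue
        ip, _, port = fields[3].rpartition(":")  # Local Address:Port column
        if port.isdigit():
            bound.add((ip, int(port)))
    return bound


def check_receivers(conf_text, ss_text):
    """Return {index: [problems]}; an empty list means the receiver looks healthy."""
    bound = listening_udp_ports(ss_text)
    report = {}
    for idx, fields in sorted(parse_receivers(conf_text).items()):
        problems = [f"missing {k}" for k in REQUIRED_KEYS if k not in fields]
        if "port" in fields:
            port = int(fields["port"])
            ip = fields.get("ip", "0.0.0.0")
            # A wildcard bind also satisfies a receiver configured on one IP.
            wildcard_ok = ("0.0.0.0", port) in bound or ("*", port) in bound
            if (ip, port) not in bound and not wildcard_ok:
                problems.append(f"udp/{port} not listening on {ip}")
        report[idx] = problems
    return report


if __name__ == "__main__":
    for idx, problems in check_receivers(SAMPLE_STREAMFWD_CONF, SAMPLE_SS_OUTPUT).items():
        status = "ok" if not problems else "; ".join(problems)
        print(f"netflowReceiver.{idx}: {status}")
```

A receiver that shows up here as complete but not listening points at the remaining steps in the answer above (the receiver is configured but streamfwd itself is not enabled, or the input was never turned on in the app) rather than at the streamfwd.conf values themselves; one that shows a missing key is a config problem to fix before restarting again.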
