Hi All
I have installed nprobe to send data to Splunk but am unable to see any flow data on the dashboard. I have also verified that flow reports are reaching my Splunk server through tcpdump.
nprobe command:
nprobe -T "%IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %PROTOCOL %IN_BYTES %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %HTTP_SITE %HTTP_RET_CODE %IN_PKTS %OUT_PKTS %IP_PROTOCOL_VERSION %APPLICATION_ID %L7_PROTO_NAME %ICMP_TYPE" -tcp -n "10.150.221.10:3333" -b 2 -i eth0 -json-labels
nprobe -v
Welcome to nprobe v.6.16.140317 ($Revision: 4065 $) for x86_64-unknown-linux-gnu
with native PF_RING acceleration.