Hello,
You could also try the Scrutinizer add on for Splunk: https://www.plixer.com/splunk-integration.html which includes extensive support for Palo Alto: https://www.plixer.com/palo-alto-networks-integration.html.
Now you have a couple choices.
Hope this helps.
... View more
Hello,
Curious, why are you worried about sizing? Depending on the flow add on that you choose, you are only going to get summarized data anyway.
http://blog.tmcnet.com/advanced-netflow-traffic-analysis/2015/11/splunk-netflow-support-vendor-comparison.html
How many flows per second do you plan on sending to splunk?
... View more
Hello, I have two questions about your post:
1) What are these flows coming from (Cisco router, VMware NSX, nProbe)?
2) Is NetFlow or IPFIX being exported?
Thanks.
... View more