Hi Guys,
I have installed the Splunk Add-on for NetFlow and also checked transforms.conf, fields but I can't see about src_inf or dst_inf values e.g: interface name Ethernet 0/0... How do I capture interface name? Thank you so much.
transforms.conf
FIELDS=
"start_time",
"end_time",
"duration",
"src_ip",
"dest_ip",
"src_port",
"dest_port",
"protocol",
"tcp_flag",
"fwd_status",
"src_tos",
"input_pkt",
"input_byte",
"output_pkt",
"output_byte",
"in_int",
"out_int",
"src_bgp_as",
"dest_bgp_as",
"src_mask",
"dest_mask",
"dest_tos",
"flow_dir",
"next_hop_router",
"bgp_next_hop_router",
"src_vlan",
"dest_vlan",
"in_src_mac",
"out_dest_mac",
"in_dest_mac",
"out_src_mac",
"mpls1",
"mpls2",
"mpls3",
"mpls4",
"mpls5",
"mpls6",
"mpls7",
"mpls8",
"mpls9",
"mpls10",
"client_latency",
"server_latency",
"app_latency",
"exp_ip",
"engine",
"exp_sys_id"
... View more