In addition to setting up your inputs.conf as described by martin and mdonnelly.
I also had to copy palettesearches.conf into my local directory, edit these sections and restart splunk instance.
[NetworkMonitoring.OutboundHosts.Search]
search = index=windows sourcetype=WinNetMon host="$NetworkHost$" Direction=outbound earliest=-60m | top limit=10 RemoteHostName
use_timepicker = 1
[NetworkMonitoring.InboundHosts.Search]
search = index=windows sourcetype=WinNetMon host="$NetworkHost$" Direction=inbound earliest=-60m | top limit=10 RemoteHostName
use_timepicker = 1
[NetworkMonitoring.OutboundProcesses.Search]
search = index=windows sourcetype=WinNetMon host="$NetworkHost$" Direction=outbound earliest=-60m | top limit=10 ProcessName
use_timepicker = 1
[NetworkMonitoring.InboundProcesses.Search]
search = index=windows sourcetype=WinNetMon host="$NetworkHost$" Direction=inbound earliest=-60m | top limit=10 ProcessName
use_timepicker = 1
updating eventtypes.conf like this was not enough or did not work.
[windows_netmon]
search = index=windows sourcetype="WinNetMon"
Our server details.
Splunk Version: 6.2.0
Splunk Build: 237341
Current App: Splunk App for Windows Infrastructure
App Version: 1.0.4
App Build: 234279
... View more