I'm trying to set Splunk to index netflow data so it can be searched. The splunk server is getting the data but the data is not showing up in Splunk. I have installed the netflow for Splunk app. I have configured a switch to send data to UDP port 9995. I have also configured a data import for the same port. Data import for 10514 and 11514 have also been set up. By doing a tcpdump i have verified the splunk server is recieving the data on port 9995. I see no data in the tcpdump going to 10514 or 11514. I set debug for UDPInputProcessor, the splunkd.log shows that Splunk is at least seeing data come from the switch ip. Would anyone have any idea for what to check next? ... View more

We currently have Splunk Enterprise 5.0.2 in production. It is licensed for 10G. We need to do some testing in our lab and we would prefer to test on our current version (5.0.2). For our testing the 500 M version will work. I wasn't able to find this version on your website for download. Does any know if the Splunk Enterprise 5.0.2 500 Mb version is still on the website for download? ... View more