The Splunk Add-on for NetFlow allows a Splunk® Enterprise administrator to receive and convert NetFlow streams from compatible network gear. The add-on maps the NetFlow data to the Common Information Model for use with CIM-compliant apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance. The Splunk Add-on for NetFlow is based on the NFDUMP project. If you have NetFlow v10 data, see the Splunk Add-on for IPFIX. Sites using both NetFlow v5/v9 and IPFIX (v10) data may wish to use a combination of both add-ons, listening on different ports. This add-on must be installed on a Linux instance of Splunk Enterprise for data collection. The add-on is platform independent for indexers and search heads.