About the Splunk Add-on for NetFlow
|Vendor Products||NetFlow versions 5 and 7, with limited IPFIX headers support for NetFlow version 9|
The Splunk Add-on for NetFlow allows a Splunk software administrator to receive and convert NetFlow streams from compatible network gear. The add-on maps the NetFlow data to the Common Information Model for use with CIM-compliant apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.
The Splunk Add-on for NetFlow is based on the NFDUMP project.
If you have NetFlow v10 data, see the Splunk Add-on for IPFIX. Sites using both NetFlow v5/v9 and IPFIX (v10) data may wish to use a combination of both add-ons, listening on different ports.
Download the Splunk Add-on for NetFlow from Splunkbase at http://splunkbase.splunk.com/app/1658.
Discuss the Splunk Add-on for NetFlow on Splunk Answers at http://answers.splunk.com/answers/app/1658.
Source types for the Splunk Add-on for NetFlow
This documentation applies to the following versions of Splunk® Supported Add-ons: released