About the Splunk Add-on for NetFlow
This product has been deprecated. Use the Splunk Stream app to ingest Netflow data. See the Use Splunk Stream to ingest Netflow and IPFIX data topic in the Splunk Stream manual for more information.
|Vendor Products||NetFlow versions 5 and 7, with limited IPFIX headers support for NetFlow version 9|
The Splunk Add-on for NetFlow allows a Splunk software administrator to receive and convert NetFlow streams from compatible network gear. The add-on maps the NetFlow data to the Common Information Model for use with CIM-compliant apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.
The Splunk Add-on for NetFlow is based on the NFDUMP project.
If you have NetFlow v10 data, see the Splunk Add-on for IPFIX. Sites using both NetFlow v5/v9 and IPFIX (v10) data may wish to use a combination of both add-ons, listening on different ports.
Download the Splunk Add-on for NetFlow from Splunkbase at http://splunkbase.splunk.com/app/1658.
Discuss the Splunk Add-on for NetFlow on Splunk Answers at http://answers.splunk.com/answers/app/1658.
Source types for the Splunk Add-on for NetFlow
This documentation applies to the following versions of Splunk® Supported Add-ons: released