Skip to main content
Version: 2.10.1

Installing into a Single Splunk Server

Step 1: Install the App and Add-on

Step 2: Create the Splunk data input

  1. Create the $SPLUNK_ROOT/etc/apps/TA-netflow/local/inputs.conf file, and add the following lines to it:

    [udp://10514]
    sourcetype = flowintegrator

  2. By default NetFlow Optimizer events will be stored in main index. In case you want to use another index, for example flowintegrator, please create the $SPLUNK_ROOT/etc/apps/TA-netflow/local/indexes.conf file, and add the following lines to it:

    [flowintegrator]
    homePath    = $SPLUNK_DB/flowintegrator/nfi_traffic/db
    coldPath    = $SPLUNK_DB/flowintegrator/nfi_traffic/colddb
    thawedPath  = $SPLUNK_DB/flowintegrator/thaweddb

    In that case make sure your $SPLUNK_ROOT/etc/apps/TA-netflow/local/inputs.conf file contains the following:

    [udp://10514]
    sourcetype = flowintegrator
    index = flowintegrator

    Also, in V2P Network Visibility for Splunk App (netflow_netops) you need to create $SPLUNK_ROOT/etc/apps/netflow_netops/local/macros.conf file contains the following. Edit this file to match your Splunk installation.

    [netflow_index] 
    definition = (index=main OR index=flowintegrator) sourcetype=flowintegrator

  3. Restart Splunk