Integration with Splunk
Integrating NetFlow Optimizer (NFO) with Splunk provides invaluable insights into network traffic patterns, enabling proactive threat detection, network performance optimization, and comprehensive visibility for effective troubleshooting. By leveraging Splunk's powerful analytics and visualization capabilities, organizations can gain actionable intelligence, enhance security posture, and streamline network operations.
Why Integrate NetFlow Optimizer with Splunk?
Network Flow data (NetFlow, sFlow, IPFIX) and SNMP metrics contain a wealth of information critical for understanding network behavior, identifying performance bottlenecks, and detecting security threats. NetFlow Optimizer excels at processing and normalizing massive volumes of diverse flow data, transforming raw network telemetry into structured, actionable insights. By integrating NFO with Splunk, organizations can unlock the full potential of this data, achieving:
- Real-time Network Resource Management: Gain immediate insight into bandwidth consumption, top talkers, and application usage patterns.
- Enhanced Network Visibility: Uncover hidden network activities and understand traffic flows across your entire infrastructure, including cloud environments.
- Proactive Capacity Planning: Make informed decisions about network scaling and upgrades based on historical and real-time usage.
- Rapid Congestion Troubleshooting: Quickly pinpoint and resolve network performance issues by identifying bottlenecks and congested paths.
- Strengthened Cybersecurity: Integrate network flow data with security information to detect anomalous behavior, identify potential threats, and enhance incident response.
What This Integration Provides (Splunk-Side Components)
This integration delivers a comprehensive suite of tools for your Splunk environment, enabling deep analysis of network and SNMP data. The primary Splunk-side components are:
- NetFlow and SNMP Analytics for Splunk App: This core Splunk application provides foundational dashboards, data models, and knowledge objects for general network flow analysis, offering immediate value upon deployment. It features pre-built dashboards for Firewall Analysis (Cisco ASA, Palo Alto Networks, VMware NSX), Cloud Monitoring (Microsoft Azure, AWS, Google Cloud Platform, hybrid environments), and SNMP Device Monitoring for hardware health and critical event alerting.
- Technology Add-On for NetFlow (TA-netflow): This crucial add-on is responsible for collecting flow data processed by NetFlow Optimizer. It ensures that data is ingested with Splunk Common Information Model (CIM)-compliant field names, event types, and tags, facilitating consistent analysis across various data sources. The TA can be deployed on Splunk search heads, indexers, and heavy forwarders.
- Enhanced Integrations: The rich, normalized data from NFO significantly improves the capabilities of other Splunk products. In addition to the core NetFlow and SNMP Analytics for Splunk App and Technology Add-On, the Content Pack for SNMP and NetFlow can be leveraged with solutions like Splunk IT Service Intelligence (ITSI) or Splunk IT Essentials Work (ITEW) for service-centric monitoring and operational analytics. Furthermore, NFO data is invaluable for Splunk Enterprise Security (ES) for advanced threat detection and correlation, and for Splunk Observability Cloud (O11y) for holistic operational insights and root cause analysis across applications, infrastructure, and network.
To integrate NetFlow Optimizer with Splunk Enterprise or Splunk Cloud Platform, configure the NFO output as Syslog, JSON, or Splunk HEC (HTTP Event Collector). For integration with Splunk Observability Cloud, choose the OpenTelemetry output type.