Deployment with Splunk Cloud

NetFlow Logic’s Technology Add-on for NetFlow and NetFlow Analytics for Splunk App both certified and vetted for Splunk Cloud deployment. Whether your organization has self-service or managed Splunk Cloud deployment, you need to install NFO and EDFN in your data center. Splunk forwarders are used to ingest data to Splunk Cloud. Select one of the above scenarios with universal forwarder or heavy forwarder that matches your syslog collection infrastructure.

In this diagram, starting from the bottom up:

  • Network device tier. Configure your routers, switches, firewalls, and virtual switches to send flows data to NFO.

  • NFO / EDFN tier. NFO receives flow data, performs preprocessing and optimization, enriches it with external data provided by EDFN, and sends it to Splunk forwarder or rsyslog or syslog-ng.

  • Splunk forwarder / rsyslog / syslog-ng tier. This is the data input for Splunk tier. In this tier you may have Splunk universal or heavy forwarders, and rsyslog / syslog-ng infrastructure.

  • Splunk Cloud tier. You need to install both Technology Add-on for Netflow (TA) and NetFlow Analytics for Splunk and other Apps here.