Skip to main content
Version: Next

Splunk Integration

NetFlow Logic provides a suite of Splunk integrations built on a common data foundation — TA-netflow and NetFlow Optimizer (NFO). Together they deliver CIM-compliant, enriched network telemetry to Splunk Enterprise and Splunk Cloud, powering traffic analysis, device health monitoring, and security threat detection across on-premises and multi-cloud environments.

Components

ComponentTypeRequired By
TA-netflowTechnology Add-onAll integrations except Splunk O11y
NetFlow and SNMP Analytics AppVisualization App
DDoS Detector AppVisualization App
ITSI Content PackContent Pack
Splunk Enterprise SecurityES Integration
Splunk Observability CloudSeparate Product
note

TA-netflow is the shared data foundation for the Analytics App, DDoS Detector, ITSI Content Pack, and Splunk Enterprise Security integrations. It must be installed on all relevant Splunk tiers before any of these products can function. Splunk Observability Cloud (O11y) uses a different integration path and does not require TA-netflow.

Guides

📄️ TA-netflow

The shared data foundation for all NFO Splunk integrations. Provides CIM-compliant field mappings, sourcetype definitions, and index configuration for Splunk Enterprise and Splunk Cloud.

📄️ Deployment & Configuration

End-to-end setup guide — configure Splunk data inputs, NFO output, index macros, and verify the data pipeline.

📄️ NetFlow and SNMP Analytics App

Pre-built dashboards for network traffic analysis, security threat detection, and device health monitoring. Built on Splunk Dashboard Studio. Requires Splunk 10.4+.

📄️ DDoS Detector App

Real-time DDoS detection and alerting dashboards for Splunk. Requires TA-netflow and the NFO DDoS Detector module.

📄️ ITSI Content Pack

Pre-built service templates, KPIs, and entity discovery for Splunk IT Service Intelligence and IT Essentials Work. Requires TA-netflow.

📄️ Splunk Enterprise Security

CIM-compliant network telemetry for Splunk ES correlation searches and notable event generation. Requires TA-netflow.

📄️ Splunk Observability Cloud

Integration with Splunk O11y for streaming network metrics. Uses a separate integration path — TA-netflow is not required.

Looking for dashboard documentation for an older app version?

The dashboard reference for the previous NetFlow and SNMP Analytics App is available in the 2.12.0 documentation.