NetFlow Logic Documentation
NetFlow Logic Documentation
Home
Downloads
Free Trial
NetFlow Logic Documetation
NetFlow Optimizerâ„¢ (NFO) Overview
Core Products
NFO Installation Guide
NFO Administration Guide
NFO User Guide
EDFN Installation Guide
EDFN Administration Guide
Release Notes
Integrations and Apps
NetFlow Analytics for Splunk
Integration with Splunk Enterprise Security
Integration with Elasticsearch
Network Metrics Content Pack for VMware vRealize Log Insight
Solutions
Cloud Application Visibility & Security
Introduction
Solution Components
Before You Begin
Deployment Scenarios
Installation Overview
NetFlow Optimizer and EDFN Installation
Configure NFO Input and Output
Amazon VPC Flow Logs
Microsoft Azure NSG Flow Logs
Google Cloud Platform (GCP) VPC Flow Logs
Install Splunk App and Add-on
NetFlow-based DDoS Detection
V2P Network Visibility
FAQ
Frequently Asked Questions
SUPPORT
Troubleshooting Guide
Support Overview
Powered by GitBook

Deployment Scenarios

This section describes the different deployments you can use to accomplish your organizations' unique needs and goals.

The scenarios outlined below are presented as deployment guidelines for you to consider taking into account your current infrastructure and Splunk deployment. Although you could configure your NetFlow and AWS VPC Flow logs collection exactly as presented in one of the scenarios, these configurations are flexible and can be adjusted to match your needs and hardware resources.

Even though these scenarious show deployments with AWS, the same concepts can be applied to deployments for Microsoft Azure and Google Cloud Platform.

Scenario 1

You have Splunk Enterprise in your data center, you want to collect *flows from your network devices and AWS VPC Flow logs

  1. Install NFO/EDFN in your data center

  2. Configure NFO/EDFN VPC Flow logs access with at least one AWS account

  3. Configure NFO output to send data to Splunk Enterprise

Or

  1. Install NFO/EDFN in your data center

  2. Install another EDFN instance in AWS

  3. Configure NFO/EDFN VPC Flow logs access with AWS accounts or AWS roles

  4. Configure NFO output to send data to Splunk Enterprise

Scenario 2

You have Splunk Cloud, you want to collect *flows from your network devices in your data center and AWS VPC Flow logs

  1. Install NFO/EDFN in your data center

  2. Configure NFO/EDFN VPC Flow logs access with at least one AWS account

  3. Configure NFO output to send data to Splunk Forwarder, and Splunk Forwarder to send data to Splunk Cloud

Or

  1. Install NFO/EDFN in your data center

  2. Install another EDFN instance in AWS

  3. Configure NFO/EDFN VPC Flow logs access with AWS accounts or AWS roles

  4. Configure NFO output to send data to Splunk Forwarder, and Splunk Forwarder to send data to Splunk Cloud

Scenario 3

You have Splunk Cloud, you only want to collect AWS VPC Flow logs

  1. Install NFO/EDFN and Splunk Forwarder in your AWS environment

  2. Configure NFO/EDFN VPC Flow logs access with AWS accounts or AWS roles

  3. Configure NFO output to send data to Splunk Forwarder, and Splunk Forwarder to send data to Splunk Cloud

Scenario 4

You have Splunk Enterprise, you only want to collect AWS VPC Flow logs

  1. Install NFO/EDFN and Splunk Forwarder in your AWS environment

  2. Configure NFO/EDFN VPC Flow logs access with AWS accounts or AWS roles

  3. Configure NFO output to send data to Splunk Forwarder, and Splunk Forwarder to send data to Splunk Enterprise

Previous
Before You Begin
Next
Installation Overview
Last updated 5 months ago
Contents
Scenario 1
You have Splunk Enterprise in your data center, you want to collect *flows from your network devices and AWS VPC Flow logs
Scenario 2
You have Splunk Cloud, you want to collect *flows from your network devices in your data center and AWS VPC Flow logs
Scenario 3
You have Splunk Cloud, you only want to collect AWS VPC Flow logs
Scenario 4
You have Splunk Enterprise, you only want to collect AWS VPC Flow logs